I'd like to propose a new rule to help SpamAssassin decide whether or not a given message is spam. Namely, I think SA should test for the presence of an X-Face header. The use of X-Face enjoys some popularity amongst users of Unix and Usenet; on the other hand, in years of checking I haven't received a single spam mail with an X-Face header.
What does everyone else think?
The only problem with simple comp rules like this one is that spammers quickly realize it exists and start abusing the rule. Major spammers do have access to SA, as well as this list's archives, and do carefully tune their spam to try to evade SA. Anything that easy is giving a free partial whitelist to the spammers.
There were "comp rules" in older versions of SA (2.5x), and then one day spammers realized they could optimize their message headers to match several of the comp rules and effectively whitelist themselves. Hence the infamous "kmail + pine" messages...
http://bugzilla.spamassassin.org/show_bug.cgi?id=1808
That's why there are no more simple body-text or header based negative scoring rules in SA anymore. The only exception is habeas, but that has a DNSBL paired with it to track infringers vs well behaved users. Anything forgeable is just a gimme for the enemy.
