Re: replay RBL queries one hour later

[Rob McEwen]

Something to keep in mind about this idea of rescanning messages later - 
once more anti-spam data is available - for use in training/reporting 
spams - this probably should NOT be done days later because SOME senders 
aggressively expire/recycle DKIM dns records. I guess that is to 
minimize the ability for criminals to spoof DKIM? The result is that if 
you implement this idea on days-old messages, you can end up with some 
spam scoring that was ONLY due to the DKIM not being valid anymore, 
where it was valid at the time the message was sent. This can lead to 
many egregious false positives. But doing this "one hour later" 
shouldn't have this problem.

Rob McEwen, invaluement