Everyone would agree that if the sending server's IP address is listed on a respected RBL like Spamhaus, there is a very high percentage chance that that message is spam. (Not that other additional testing shouldn't be done... but, looking at this alone, at least 99.9+% of the time, the message is spam.)
Everyone would also agree that if an IP address found in the header is listed at Spamhaus, it ALSO has a very high probability of being spam... but perhaps not quite as high a chance as it would if this IP address were the actual sending mail server? Therefore, what I'm wondering is:

(1) Roughly, what is the dropoff in percentage chance of being spam if the RBL-listed IP is in the header but not actually the sending server's IP?

(2) Are there any particular pitfalls or suggestions about minimizing FPs where messages are blocked based on IPs within the header but not the actual sending mail server? (Of course, I know that additional testing, like rules and SURBL, are also good... I'm wondering if there are any other things to prevent FPs when relying on this method...)

Rob McEwen