Every now and then I see a spam getting through thanks to one or two DK_POLICY_* tests triggered, and each one of them contributing -1 score points. (This is with SA trunk, but I don't think this has changed recently.)
Seems like all the following tests: DK_POLICY_SIGNALL, DK_POLICY_SIGNSOME, DK_POLICY_TESTING, DK_SIGNED, DK_VERIFIED have a default score of -1 due to 'tflags nice'. In my opinion a score value of -1 is too strong for most if not all of them, especially the DK_POLICY_* ones. Seems like spammers are aware of it, or they just are lucky too often. It is generally true that negative score points are to be avoided, as they can be abused. In case of DK, just having a policy for a domain shouldn't mean much. The only rule that has some merit is DK_VERIFIED. I see every now and then a similar finding posted to the mailing list. For the 3.1.2 I suggest that all of DK_* rules except DK_SIGNED receive an explicit default score closer to zero.

Mark
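An added example, not part of the original post: a Python check a mail administrator could run over `X-Spam-Status` headers to find messages that stayed under the spam threshold only because of the DK_* rules named above. It assumes each of those rules still carries the -1 default described in the post and that the header uses the usual `score=… required=… tests=…` layout; the function name and sample headers are constructed for illustration.

```python
import re

# Rule names and the -1 default come from the post; adjust if scores are overridden locally.
DK_NICE_RULES = {"DK_POLICY_SIGNALL", "DK_POLICY_SIGNSOME", "DK_POLICY_TESTING",
                 "DK_SIGNED", "DK_VERIFIED"}
DK_DEFAULT_SCORE = -1.0

STATUS_RE = re.compile(
    r"score=(-?\d+(?:\.\d+)?)\s+required=(-?\d+(?:\.\d+)?)\s+tests=(\S*)")

def rescued_by_dk(status_header):
    """Return (score_without_dk, dk_hits) when the DK_* rules alone kept the
    message below the required score; return None otherwise."""
    # Unfold continuation lines, then rejoin a test list split after a comma.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", status_header)
    unfolded = re.sub(r",\s+", ",", unfolded)
    m = STATUS_RE.search(unfolded)
    if not m:
        return None
    score, required = float(m.group(1)), float(m.group(2))
    tests = set(filter(None, m.group(3).split(",")))
    dk_hits = sorted(tests & DK_NICE_RULES)
    # Remove the negative contribution of every DK_* rule that fired.
    adjusted = round(score - len(dk_hits) * DK_DEFAULT_SCORE, 1)
    if dk_hits and score < required <= adjusted:
        return adjusted, dk_hits
    return None

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    "No, score=3.2 required=5.0 tests=BAYES_99,DK_POLICY_SIGNSOME,\n"
    "\tDK_SIGNED,HTML_MESSAGE autolearn=no version=3.1.1",
    "No, score=1.0 required=5.0 tests=DK_VERIFIED,HTML_MESSAGE autolearn=no",
    "Yes, score=7.5 required=5.0 tests=BAYES_99,DK_POLICY_TESTING autolearn=no",
]

def scan(headers):
    """Return the results for headers where DK_* rules tipped the verdict."""
    return [r for r in map(rescued_by_dk, headers) if r is not None]

if __name__ == "__main__":
    for adjusted, hits in scan(SAMPLES):
        print(f"would score {adjusted} without {', '.join(hits)}")
```

The header score is already rounded by SpamAssassin, so results within a tenth of a point of the threshold should be confirmed against the full report.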