Blackberry emails trigger a bunch of BASE64 rules that are not meaningful. It's just the way it works.
Two thoughts:

a) If blackberry.com doesn't often spam, why not:

    whitelist_from_rcvd * blackberry.com

Doing this appears to work, but there is a note in perldoc::mail::spamassassin::conf that says:

    whitelist_allows_relays [EMAIL PROTECTED]
        Specify addresses which are in "whitelist_from_rcvd" that
        sometimes send through a mail relay other than the listed ones.
        By default mail with a From address that is in
        "whitelist_from_rcvd" that does not match the relay will trigger
        a forgery rule. Including the address in "whitelist_allows_relay"
        prevents that.

This does not appear to be happening (IE, I don't see non-blackberry mail triggering a "forgery rule"). Is the note wrong? Does it only apply if there is more meat to the address than just a "*"?

b) Maybe I'd be better off with a few points (vs -100 from a whitelist) if the received_from ends blackberry. I could write a rule for that, and score say -4.

Which way should I go? If a) need I worry about whitelist_allows_relays?

Dan Barker

REF:

 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.9 MIME_BASE64_TEXT       RAW: Message text disguised using base64 encoding
 0.2 MIME_BASE64_NO_NAME    RAW: base64 attachment does not have a file name
 1.3 FROM_EXCESS_BASE64     From: base64 encoded unnecessarily
 1.7 LW_STOCK_SPAM4         Yup, its a spam!
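
Option (b) from the message above, sketched as an added example that is not part of the original post. The rule name RCVD_VIA_BLACKBERRY is hypothetical, and the rule assumes trusted_networks/internal_networks are set correctly so that the first external relay is the host that actually handed the mail to your servers.

```conf
# Added illustration; RCVD_VIA_BLACKBERRY is a hypothetical rule name.
# Match the reverse DNS of the first relay outside your own network, as
# recorded by your own MTA, rather than the raw Received: text, which
# includes lines the sender controls and can forge.
header   RCVD_VIA_BLACKBERRY  X-Spam-Relays-External =~ /^\[ ip=\S+ rdns=(?:\S+\.)?blackberry\.com /i
describe RCVD_VIA_BLACKBERRY  Handed to us by a relay whose rDNS is in blackberry.com
# "nice" marks a rule that is meant to lower the score.
tflags   RCVD_VIA_BLACKBERRY  nice
# A few points of credit (vs -100 from a whitelist entry), as proposed in (b).
score    RCVD_VIA_BLACKBERRY  -4.0
```

Run `spamassassin --lint` after adding the rule to local.cf to confirm that it parses.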