MSGID_RANDY is hitting messages written by "secure mail" software used by at least two health care providers, optumhealth.com and uhc.com. Sample: <4d7a08$dgl...@mail16.uhc.com> MSGID_RANDY no longer gets much spam, and what it gets scores pretty high even without it. Yesterday, here, 45 total hits on MSGID_RANDY (of 2,748,004 messages) .. 14 were Secure Mail .. The 31 others scored 10.5 to 34.7 Your mileage may vary. In fact I'd like to know how it looks on other systems. But I'm going to zero the score here. If we want to save the rule, the health care messages can be identified by these features: Subject contains /Secure Message from / followed by the same address as the From header. The message body contains a MIME part named securedoc.html coded as application/octet stream. I cannot post a sample secure message. Joseph Brennan Columbia University Information Technology (I just noticed MSGID_RANDY also hits on score reports from ancient software used by the Educational Testing Service, ets.org, and that we whitelisted them a long time ago to work around it. Their mail has two-digit years too, so I considered them a true whitelist case that can't be helped otherwise.)
