On Saturday 9 Jun 2012 14:01 CEST, RW wrote:
> On Sat, 09 Jun 2012 11:52:58 +0200
> Cecil Westerhof wrote:
>
>> A few of the mails on this group came in my spam folder because of:
>> 2.9 SPOOF_COM2OTH URI: URI contains ".com" in middle
>> 2.0 SPOOF_COM2COM URI: URI contains ".com" in middle and end
>>
>> Personally I think that the second one should not be used when the
>> first is already triggered.
>
> That's equivalent to removing the second rule completely.
>
> It's clearly not an accidental overlap. The implication is that the
> former is a good spam indicator and the latter a virtually certain
> one. They could be rewritten as
>
> 2.9 SPOOF_COM2NOTCOM
> 4.9 SPOOF_COM2COM
>
>
> There's nothing wrong with the way the rules are implemented, but the
> 4.9 score seems very high.

Okay, the combination could be useful, but the scores are too high then.

--
Cecil Westerhof
Senior Software Engineer
LinkedIn: http://www.linkedin.com/in/cecilwesterhof