I don't know enough about real-world usage to comment intelligently.
But I will say that a negative score just because something is encrypted
will likely have a pretty negative impact. It assumes no ham ever hits
that rule.
Perhaps a meta?
On 12/14/2015 3:32 PM, John Hardin wrote:
All:
Any objection to promoting __CT_ENCRYPTED and ENCRYPTED_MESSAGE out of
the sandbox to permanent rules, and giving ENCRYPTED_MESSAGE a
negative (nice) score (say, -1)?
I think that's fairly safe to do, as I doubt a spammer would impose
the overhead of decryption on their victims, and I'm not sure exactly
how well sandbox+masscheck works for "nice" rules.
