Sorry, I was not clear. A lot of phishing that passes the antispam checks comes from *hacked* accounts from universities and government agencies. So SPF, DKIM and DMARC all pass and give a negative score.
Only RBL (IP, URL or hash), Bayes from past phishing or some handmade rules can detect them, and their scores may not sum up to the spam threshold (I have to review and rescore these handmade rules).
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop