> Yes, my point being that rather than saying "they are not useful" we > really ought to be working hard on finding ways to add more of them, > because it is their volume that makes them useful (otoh, having too many > of them, such that the bar is lowered, is indeed bad).
Ah, but from experience, they *haven't* been useful. SA used to have quite a few negative-scoring rules, and as a result spammers started tailoring their spam to hit them.
I agree entirely, Kelson speaks true here. Any rule based on simple message content alone can be forged trivially and abused by spammers.
I think the big point to get across is we aren't just saying "they aren't useful", it's "We've been there, done that, and got screwed by the spammers for it." 2.50 shipped with a bunch of negative scoring rules, and it resulted in the completely infamous bug 1589 breaking out:
http://bugzilla.spamassassin.org/show_bug.cgi?id=1589
That said, I do personally favor having lots of very small-scoring negative rules (ie: -0.01 each) and set the ham autolearn threshold to -0.01. This prevents a lot of "low scoring spam learned as ham" problems, as now in order to learn it must hit at least one of the ham rules. Learning as ham any message with a small positive score as per default is just asking for trouble.
Keeping the scores of the rules small means they are too trivial to be abused for any significant gain by spammers.
