Having received a couple of messages faking to be from yahoo, despite FORGED_YAHOO_RCVD and few other rules firing, the final score was not high enough. Since Yahoo! is signing their outgoing mail with DomainKeys, I came up with:
header __L_FROM_YAHOO From:addr =~ /[EMAIL PROTECTED]/i meta UNVERIFIED_YAHOO __L_FROM_YAHOO && !DK_VERIFIED priority UNVERIFIED_YAHOO 500 score UNVERIFIED_YAHOO 5.0 which seems to do its job. I had to experiment with priority - are there any guidelines fo this? Is this a way to go? - any obvious improvements? Mark