1) that won't help any. You'd want to check this against headers generated by trusted relays.
2) Even if he does, who cares. At such a small score it's unlikely to help the spammer any. However, email which is marginally above the autolearn threshold will be helped. (Personally, I get a reasonable amount of low-scoring ham in the 0.1 to 0.3 range. I find very little spam near the 5.0 threshold, and most of that is just under anyway.) Dave Koontz wrote: > Most likely, Johnny Spammer monitoring this list will just add a FAKE > header to take advantage of such a rule. > > Matt Kettler wrote: > >> Matus UHLAR - fantomas wrote: >> >> >>> On 13.07.07 17:04, arni wrote: >>> >>> >>> >>>> From large providers i sometimes recieve messages through encrypted >>>> smtp, the header looks smth like this (qmail): >>>> >>>> ... with (AES256-SHA encrypted) SMTP; ... >>>> >>>> >>>> Would it be a good idea to give a minimal negative score on this -0.1 or >>>> -0.2 if this happens on the last hop? - It proves that the sending smtp >>>> server is very protocol sane, which spambots are usually not. >>>> >>>> >>>> >>> it just proves that the mail was sent through sane server, but there could >>> be spambod behind it. >>> >>> -0.1 and -0.2 is very small numbers. Do you encounter any case where that >>> would help? >>> >>> >>> >>> >> Autolearning. >> >> > > >