On Fri, 27 Apr 2012 14:28:21 +0100
corpus.defero wrote:

> I'm seeing this rule: STOX_REPLY_TYPE_WITHOUT_QUOTES
> Catching on legitimate mail.
>
> It's a meta rule and right enough it catches this line:
>
> Content-Type: text/plain; format=flowed; charset="iso-8859-1";
> reply-type=original
>
> AND does NOT match either:
>
> __HS_SUBJ_RE_FW Subject =~ /^(?i:re|fw):/
> or
> rawbody __HS_QUOTE /^>
>
> SCORING.
> 0.2 STOX_REPLY_TYPE STOX_REPLY_TYPE
> 1.9 STOX_REPLY_TYPE_WITHOUT_QUOTES STOX_REPLY_TYPE_WITHOUT_QUOTES
>
> As legitimate mail, it's picking up just over 2 points for this - and
> I'm wondering what the sender is possibly doing wrong here?

I think the intention is to look for spam where the headers say it's a reply, but it doesn't look like a reply. reply-type seems to be made up by Microsoft, so the rule is looking for spoofed headers. The problem is that, from a quick search through this list, reply-type doesn't seem to be specific to replies.
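
The meta-rule logic described in the quoted message, approximated in Python as an added example (not part of the original thread and not SpamAssassin's own rule source). The subject pattern and the scores come from the thread; the `reply-type` match, the helper name `evaluate` and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Scores as reported in the quoted message.
SCORES = {"STOX_REPLY_TYPE": 0.2, "STOX_REPLY_TYPE_WITHOUT_QUOTES": 1.9}

# Subject pattern is copied from the thread. The quote pattern is only the
# visible part of the truncated rule. The reply-type pattern is an assumption:
# the thread shows the header it hits, not the rule body.
HS_SUBJ_RE_FW = re.compile(r"^(?i:re|fw):")
HS_QUOTE = re.compile(r"^>", re.M)          # rawbody rules are tested per line
REPLY_TYPE = re.compile(r"reply-type=original", re.I)

def evaluate(raw):
    """Return (rule hits, total score) for one raw message string."""
    msg = message_from_string(raw)
    ctype = " ".join(msg.get("Content-Type", "").split())  # unfold the header
    subject = msg.get("Subject", "")
    body = msg.get_payload()
    hits = []
    if REPLY_TYPE.search(ctype):
        hits.append("STOX_REPLY_TYPE")
        # Meta rule: reply-type present, but neither a Re:/Fw: subject
        # nor a quoted line in the body.
        if not HS_SUBJ_RE_FW.search(subject) and not HS_QUOTE.search(body):
            hits.append("STOX_REPLY_TYPE_WITHOUT_QUOTES")
    return hits, round(sum(SCORES[h] for h in hits), 1)

# Constructed sample messages (not real mail).
HEADER = ('Content-Type: text/plain; format=flowed; charset="iso-8859-1";\n'
          ' reply-type=original\n')
NEW_MAIL = ("Subject: Invoice for April\n" + HEADER +
            "\nHello,\nplease find the invoice attached.\n")
REPLY = ("Subject: Re: Invoice for April\n" + HEADER +
         "\n> please find the invoice attached.\nThanks, received.\n")
PLAIN = "Subject: Invoice for April\nContent-Type: text/plain\n\nHello.\n"

if __name__ == "__main__":
    for name, raw in (("new mail", NEW_MAIL), ("reply", REPLY), ("plain", PLAIN)):
        print(name, evaluate(raw))
```

The first sample reproduces the false positive from the thread: a fresh, unquoted message carrying `reply-type=original` collects both rules, while the same header on a quoted reply collects only the 0.2 rule.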