Botnet's score of 5 is meant to say "this message should be quarantined
or flagged for review". It's not saying "this message is _definitely_
spam".

Lots of people lower its score to something like 2-3 if they feel it's
too aggressive. I keep it at a 5, and have VERY FEW false positives.
When I encounter those, I:

1) send email to the postmaster/abuse/hostmaster of the sending mail
domain an d sending server (via whois on the IP address), and tell them
that they have a DNS problem

2) whitelist the sending IP address

And then move on.


Cliff Stanford wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm still a bit vague on how the SpamAssassin rules fit together but
> I've noticed that, since upgrading to the latest version, I'm getting a
> lot of false positives.
>
> The common cause seems to be Botnet.cf. Where a server has no reverse
> DNS, BOTNET_NORDNS scores it as 0.01 but BOTNET adds 5.0 to that. In
> addition, RDNS_NONE is adding 0.1 so every mail that lacks reverse dns
> is getting a minimum of 5.1.
>
> Is this intended behaviour?
>
> Regards,
> Cliff.
> - --
> Cliff Stanford
> Might Limited +44 845 0045 666 (Office)
> Suite 67, Dorset House +44 7973 616 666 (Mobile)
> Duke Street, Chelmsford, CM1 1TB
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFGil+XfNTx9pWyKfwRAmC8AJ45pI4cAdwZb1z+PcYOBD O0nMbiIgCfY0Ac
> NCcY+rXss72dEeylJAbmLdA=
> =i67i
> -----END PGP SIGNATURE-----
>