1) that won't help any. You'd want to check this against headers
generated by trusted relays.

2) Even if he does, who cares. At such a small score it's unlikely to
help the spammer any. However, email which is marginally above the
autolearn threshold will be helped. (Personally, I get a reasonable
amount of low-scoring ham in the 0.1 to 0.3 range. I find very little
spam near the 5.0 threshold, and most of that is just under anyway.)

Dave Koontz wrote:
> Most likely, Johnny Spammer monitoring this list will just add a FAKE
> header to take advantage of such a rule.
>
> Matt Kettler wrote:
>
>> Matus UHLAR - fantomas wrote:
>>
>>
>>> On 13.07.07 17:04, arni wrote:
>>>
>>>
>>>
>>>> From large providers i sometimes recieve messages through encrypted
>>>> smtp, the header looks smth like this (qmail):
>>>>
>>>> ... with (AES256-SHA encrypted) SMTP; ...
>>>>
>>>>
>>>> Would it be a good idea to give a minimal negative score on this -0.1 or
>>>> -0.2 if this happens on the last hop? - It proves that the sending smtp
>>>> server is very protocol sane, which spambots are usually not.
>>>>
>>>>
>>>>
>>> it just proves that the mail was sent through sane server, but there could
>>> be spambod behind it.
>>>
>>> -0.1 and -0.2 is very small numbers. Do you encounter any case where that
>>> would help?
>>>
>>>
>>>
>>>

>> Autolearning.
>>
>>

>
>
>