Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi list,

I just had a flood of spam coming through, which SA classified as
ham. On closer inspection, it turns out that the only tests
triggered for all those mails were HTML_MESSAGE and BAYES_99.

HTML messages are commonplace today (unfortunately), so they don't
add anything to the score.

BAYES_99 yields 3.5 points.

What's curious is that in this scenario, even though SA thinks that
the message is 99%-100% likely to be spam, it will always classify
it as ham, and further learning does not have any noticeable effect.

I know how SA scores are computed. I do wonder how that algorithm
applies to the BAYES_* tests though. Don't you think BAYES_99 should
yield > 5 points to trigger the threshold on default installs?
Shouldn't thus BAYES_* be renormalised?

martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
spamtraps: madduck.bogus@madduck.net
"... alle s=E4tze der logik sagen aber dasselbe. n=E4mlich nichts."
-- wittgenstein

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature (GPG/PGP)
Content-Disposition: inline

Version: GnuPG v1.4.6 (GNU/Linux)