>> Even with the default DKIM scores, I finding I am getting spam that are
>> DKIM_VERIFIED causing the score to dip below zero and let the message
>> through, for example:
>>
>> http://micah.riseup.net/1

>
> that's spam relayed by a debian list. definitely a different beast...


I interpret those headers as spam being sent to a Debian e-mail address,
then forwarded to a personal address.

As for DKIM, surely it's a bad thing to give it any score? It's supposed
to be an authentication mechanism not an anti-spam mechanism in itself.

The problem with all those emails is that the only sign that they're
spam is the content itself. 20_advance_fee.cf contains all the rules
that try to catch these types of messages. Your best bet is to try to
create some more variations on those, or as John said, the sought_fraud
ruleset as well.

Francis