Your idea turns the HABEAS_SWE test into a network test.
Actually it _is_ a network test: It relies on legal means to shut down violators and the HIL to block ip addresses whose use of the Habeas headers can't be or has not yet been stopped by legal means.
Instead of reducing the score of HABEAS_SWE I added to my preference file bayes_ignore_header for the nine Habeas headers, made sure to train Bayes on all spam that had come in that used Habeas headers, and increased the score of BAYES_99 from the default 5.4 up to 10. I am careful to train Bayes on all my incoming mail and I have yet to get a false positive on BAYES_99. The score of 10 does not force a hit in the face of the -8 for HABEAS_SWE, but especially with network tests on it is enough to catch the pharmacourt.biz spam.
Since I made those changes I have not had any spam slip through with a Habeas header. I think that shows that the basic idea of Habeas can be viable.
Also, I have a procmail filter that grabs a copy of all mail that contains the Habeas headers and places it in a folder where it is easy for me to manually check them and feed the spam to a script that reports it to Habeas. I do that even for spam that is caught by SpamAssassin. Because of that filter I am aware of how much or how little spam is including the Habeas headers.
It has been almost 24 hours since I received the last spam with Habeas headers. Possibly my ISP has added a filter to block the pharmacourt.biz spam before I see it ... Has anybody else noticed that their spam has stopped in the past day?
-- sidney
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
