MALFORMED_FREEMAIL is a meta on: (MISSING_HEADERS||__HDRS_LCASE) && FREEMAIL_FROM
So that and MISSING_HEADERS itself add up to 3.0 points. This seems high. We rejected a message from gmail that hit MALFORMED_FREEMAIL and MISSING_HEADERS, and a few other low-scoring things. Because it was rejected I do not have the message. I believe the sender tried to BCC a group of people. If I recall correctly MISSING_HEADERS, which refers only to the To: header, hits when To: exists but is blank. People (ab)using BCC instead of a list for legit mail is not that uncommon. The case with __HDRS_LCASE strikes me as very different and much more likely to be faked mail. I don't know of any freemail providers that write header names in all lower case. A check against the corpus obviously needs to back up my guess but I think I'm right. -- Joseph Brennan Lead, Email and Systems Applications
