Derek Harding wrote: > This may be more a dev question but I thought I'd start here. > > I've been seeing this rule (SUBJECT_ENCODED_TWICE) trigger recently and > it is confusing me. > > It checks for a subject line having two encoded sections however I'm not > sure why it does this. I've checked RFC 2047 and two encoded sections > does not appear to be a violation. In fact it gives an example of > exactly this:
I don't think this rule is trying to imply that a two-encoding subject is an RFC violation. There are plenty of rules that are based on perfectly RFC legal things like obfuscated drug names. Just because the rule exists, don't assume it's for RFC reasons. In fact, RFC violations alone are never a reason for a SA rule to exist. SA rules are created to look for things spammers do fairly often, but normal people and businesses don't. Some of these happen to be RFC violations, many aren't. > >>From http://www.ietf.org/rfc/rfc2047.txt: > So why the disconnect? I think this is a case of something that is extraordinarily rare in the real world, but not horribly uncommon in spam. In the SA mass-checks, 95% of email matching this rule was spam, and about 5% was nonspam. However, this rule has got a pretty low score (under 1.8), so this alone really shouldn't be causing you any trouble.
