I've noticed that a lot of the lottery spam and nigerian scam messages
that slip by SA (3.1.9) unscathed (i.e. score < 5) at my site contain
the following headers
X-Wum-Nature: EMAIL-NATURE
X-WUM-FROM: |~|
X-WUM-CCI:
|~||~||~||~||~||~||~||~||~||~||~||~||~||
X-WUM-REPLYTO: |~|
and I'd like to add some local rules to detect those headers and
add a couple of points, but I don't want to do that if there is a good
chance it will increase FP's.
Does anyone know which mail client or server adds the "X-WUM" headers
and how likely it is that they are found in legitimate mail.
I'll be upgrading to 3.2.3 soon, but it isn't a solution for the time
being.
- rick
