hello-
i've noticed lately a trend in which two messages which appear to be
identical arrive a few minutes apart, and one is marked as spam while
the other is not. aside from time stamps, queue ids, etc, i believe the
headers and content of the two messages to be identical. i can see
obvious differences in the X-Spam-Status: headers, but i'm not sure how
to figure out why one of the messages seems to match so many more rules.
here are the X-Spam-Status: headers from one such set of examples:
X-Spam-Status: No, score=-0.597 required=5 tests=[BAYES_20=-0.001,
RP_MATCHES_RCVD=-0.594, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
autolearn=ham autolearn_force=no
X-Spam-Status: Yes, score=6.9 required=5 tests=[AWL=-7.497, BAYES_50=0.8,
DIGEST_MULTIPLE=0.293, KAM_VERY_BLACK_DBL=5, PYZOR_CHECK=1.392,
RAZOR2_CF_RANGE_51_100=0.5, RAZOR2_CF_RANGE_E8_51_100=1.886,
RAZOR2_CHECK=0.922, RP_MATCHES_RCVD=-0.594, SPF_HELO_PASS=-0.001,
SPF_PASS=-0.001, URIBL_BLACK=1.7, URIBL_DBL_SPAM=2.5]
autolearn=spam autolearn_force=no
here are the full message sources. i hope it's ok i've anonymized them.
http://dpaste.com/0V2W8KW - not spam
http://dpaste.com/1SWPF1J - spam
thanks
-ben
