On Mon, 28 Sep 2015 14:27:33 -0700 (PDT) John Hardin wrote: e stringent? > > > > # Add spamminess to "may be forged" warning in Received header > > header RCVD_MAY_BE_FORGED Received =~ /\(may be forged\)/ > > describe RCVD_MAY_BE_FORGED Fake HELO info in Received header > > score RCVD_MAY_BE_FORGED 0.2 > > RE looks fine. I'd just describe it as "forgery warning in Received > header" rather than trying to interpret *why* the warning is there.
YMMV but I find that in deep received headers "may be forged" is a slight ham indicator. That's why I suggested limiting the match to the MX server's received header.
