On Thu, 10 Mar 2016 14:10:54 -0800 Dave Warren wrote: > Howdy! > > We've had a rash of false positives in the last couple of weeks, > almost exclusively tipping the scales is one particular hit: > > 3.5 XPRIO Has X-Priority header > > This seems to be scored fairly high for what it is as some mobile > devices are inserting this header on all of their messages, and 3.5 > is a good chunk of the way to a hit. > > Anyone else seeing issues, or should just re-score it locally and > call it a day?
I'm seeing 299 hits on rules that contain XPRIO in the rule name, but only 1 of these is on XPRIO itself. This is because the meta-rule excludes so much that you could probably replace __XPRIO with __SENT_ON_A_THURSDAY and still get a decent score. I do think there's a worrying trend where meta rules are having many exclusions added to boost their generated scores - sometimes to point where they have to be capped. I think this is leading to high scoring rules that are over-optimized on the score-generation corpus, and are likely to cause FPs in the wider world - or generally under-perform because they exclude so much spam. A case in point is __RP_MATCHES_RCVD which has historically done abnormally well as a ham indicator in the corpus, but others have found it hits a lot of low-scoring spam. "&& ! __RP_MATCHES_RCVD" is a common exclusion in meta rules. There never seems to be a logical reason for it to be there, aside from its giving an artificial boost to the score.
