On 22 Nov 2016, at 17:54, Eric Abrahamsen wrote:
I get a lot of spam that passes the RP_MATCHES_RCVD test; it wouldn't
make it into my inbox otherwise. I see the scoring recently got bumped
to -3.0, which makes false negatives even more likely.
I'm not expert enough in the nature of spam to really understand why
this test is so strong, nor to feel confident in simply whacking a few
points off it without knowing more.
In the year or so that I've been running my own mail server, I don't
think I've seen a *single* false positive (at least not one that I
noticed), but get maybe an average of two spam mails into my inbox
every
day. I've beefed up the BAYES scores, and that helped, but haven't
tweaked anything else.
Can anyone tell me why it's scored so heavily?
Probably someone more intimate withe the RuleQA process can explain it.
To me it looks too noisy to be scored so strongly, and for years I've
had it pegged for my systems at -0.3. I suspect that much of the
non-matching spam is stuff that many sites exclude well ahead of SA, so
it is not as indicative in production systems as it is in RuleQA.
Would it be a bad idea to
just drop it down to -1.5 or something?
In the past 2 years on multiple mail systems I have had no indication of
any false positives which would have been cured by a stronger ham score
for RP_MATCHES_RCVD. My reduction to -0.3 was based on the rule
chronically redeeming a stream of snowshoe spam that was otherwise
scoring in the ~6 range. Whether and how far you reduce its power should
be based on your local circumstances, but -1.5 strikes me as probably a
reasonable & prudent guess in the absence of careful analysis.
