On Fri, 27 Apr 2012 14:28:21 +0100
corpus.defero wrote:
> I'm seeing this rule: STOX_REPLY_TYPE_WITHOUT_QUOTES
> Catching on legitimate mail.
>
> It's a meta rule and right enough it catches this line:
>
> Content-Type: text/plain; format=flowed; charset="iso-8859-1";
> reply-type=original
>
> AND does NOT match either:
>
> __HS_SUBJ_RE_FW Subject =~ /^(?i:re|fw):/
> or
> rawbody __HS_QUOTE /^>
>
> SCORING.
> 0.2 STOX_REPLY_TYPE STOX_REPLY_TYPE
> 1.9 STOX_REPLY_TYPE_WITHOUT_QUOTES STOX_REPLY_TYPE_WITHOUT_QUOTES
>
> As legitimate mail, it's picking up just over 2 points for this - and
> I'm wondering what the sender is possibly doing wrong here?

I think the intention is to look for spam where the headers say it's a
reply, but it doesn't look like a reply. reply-type seems to be made-up
by Microsoft so the rule is looking for spoofed headers.

The problem is that, from a quick search through this list, reply-type
doesn't seem to be specific to replies.
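
Added example, not part of the original message and not SpamAssassin's own code: a Python approximation of the meta logic described in the thread, run on two constructed messages to show why a new (non-reply) message carrying reply-type hits the rule. The sub-rule patterns are assumptions based on the quoted lines (the `__HS_QUOTE` pattern is cut off in the post), and `evaluate` is a hypothetical helper name.

```python
import re
from email import message_from_string

# Approximations of the sub-rules quoted in the thread (assumptions; the
# real SpamAssassin definitions may differ, and __HS_QUOTE is truncated
# in the post, so "a body line starting with >" is a guess at its intent).
SUBJ_RE_FW = re.compile(r"^(?i:re|fw):")
QUOTE_LINE = re.compile(r"^>", re.MULTILINE)

# Constructed sample: a new message, not a reply, whose client adds reply-type
# on a folded continuation line, as in the header quoted above.
NEW_MESSAGE = (
    "Subject: Invoice for April\n"
    'Content-Type: text/plain; format=flowed; charset="iso-8859-1";\n'
    " reply-type=original\n"
    "\n"
    "Please find the invoice attached.\n"
)

# Constructed sample: a genuine reply with a Re: subject and quoted text.
REAL_REPLY = (
    "Subject: Re: Invoice for April\n"
    'Content-Type: text/plain; format=flowed; charset="iso-8859-1";\n'
    " reply-type=original\n"
    "\n"
    "On Friday you wrote:\n"
    "> Can you send the invoice?\n"
    "Attached.\n"
)


def evaluate(raw):
    """Return each sub-result and the combined meta result for one message."""
    msg = message_from_string(raw)
    # get_param() parses the unfolded Content-Type header, so a reply-type
    # parameter on a continuation line is still found.
    reply_type = msg.get_param("reply-type") is not None
    subj_re_fw = bool(SUBJ_RE_FW.search(msg.get("Subject", "")))
    # Join all text parts; transfer encodings are not decoded in this sketch.
    body = "\n".join(
        part.get_payload() for part in msg.walk()
        if not part.is_multipart() and part.get_content_maintype() == "text"
    )
    quote = bool(QUOTE_LINE.search(body))
    hit = reply_type and not subj_re_fw and not quote
    return {"reply_type": reply_type, "subj_re_fw": subj_re_fw,
            "quote": quote, "without_quotes": hit}
```
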