On Fri, 27 Apr 2012 14:28:21 +0100
> I'm seeing this rule: STOX_REPLY_TYPE_WITHOUT_QUOTES
> Catching on legitimate mail.
> It's a meta rule and right enough it catches this line:
> Content-Type: text/plain; format=flowed; charset="iso-8859-1";
> AND does NOT match either:
> __HS_SUBJ_RE_FW Subject =~ /^(?i:re|fw):/
> rawbody __HS_QUOTE /^>
> 0.2 STOX_REPLY_TYPE STOX_REPLY_TYPE
> 1.9 STOX_REPLY_TYPE_WITHOUT_QUOTES STOX_REPLY_TYPE_WITHOUT_QUOTES
> As legitimate mail, it's picking up just over 2 points for this - and
> I'm wondering what the sender is possibly doing wrong here?
I think the intention is to look for spam where the headers say it's a
reply, but it doesn't look like a reply. reply-type seems to be made-up
by Microsoft so the rule is looking for spoofed headers.
The problem is that, from a quick search though this list, reply-type
doesn't seem to specific to replies.