I started getting massive amounts of the same spams selling contact databases.
They all pass EFA (3.0.1.5) because the negative score of a valid return path.
For example:
0.80 BAYES_50
1.10 DCC_CHECK
0.29 DIGEST_MULTIPLE
0.00 HEADER_FROM_DIFFERENT_DOMAINS
0.00 HTML_MESSAGE
0.43 MIME_HTML_MOSTLY
0.79 MPART_ALT_DIFF
1.39 PYZOR_CHECK
-3.20 RP_MATCHES_RCVD
-0.00 SPF_PASS
0.00 URIBL_BLOCKED
I know I can modify that myself, but it will keep on getting overwritten. Is this a new and general tactic spammers are using?