Every once in a while I love to look through my spam folder just to see what makes spamassassin mark something really high. Here is one that got 49 points:
* 4.5 MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary
* 4.4 MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant)
* 0.1 FORGED_RCVD_HELO Received: contains a forged HELO
* 1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
* 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
* lines
* 2.0 HTML_MESSAGE BODY: HTML included in message
* 5.0 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
* [score: 1.0000]
* 4.5 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 3.7 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
* 0.2 DNS_FROM_RFC_ABUSE RBL: Envelope sender in abuse.rfc-ignorant.org
* 2.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
* [Blocked - see ]
* 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* [65.67.110.5 listed in sbl-xbl.spamhaus.org]
* 2.5 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
* 2.7 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
* 4.5 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME
* parts
* 2.6 FORGED_MSGID_HOTMAIL Message-ID is forged, (hotmail.com)
* 1.6 MISSING_MIMEOLE Message has X-MSMail-Priority, but no X-MimeOLE
* 4.1 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
A few of these I've cranked up, like MIME_HTML_ONLY, as I don't get any useful mail that is only text/html formatted. I still like that SA detects things like MIME_BOUND_DD_DIGITS. :)