Dec 20 23:08:39 server4 spamd: spamd: checking message <000c01c8435d$3ecf1f40$0501a8c0@bourbon> for qscand:110
Dec 20 23:08:41 server4 spamd: spamd: identified spam (7.6/7.0) for qscand:110 in 2.3 seconds, 2084 bytes.
Dec 20 23:08:41 server4 spamd: spamd: result: Y 7 - BAYES_20,DYN_RDNS_SHORT_HELO_HTML,HTML_MESSAGE,
I'm new to interpretting these things, so correct me if I'm wrong:
BAYES_20 Bayesian probability of spam 20%
DYN_RDNS_SHORT_HELO_HTML Sent from dynamic IP, HELO doesn't contain a domain, and message has HTML
HTML_MESSAGE Message has HTML
MIME_HTML_MOSTLY Message is mostly HTML
PYZOR_CHECK Someone else has gotten a similar message and marked it as spam
RCVD_IN_PBL The IP is in the Spamhaus PBL
RCVD_IN_SORBS_DUL Sent from dynamic IP in Sorbs list
RDNS_DYNAMIC Sent from a dynamic IP
TVD_SPACE_RATIO The ratio of whitespace to text is low, indicating vertical words.
4 of these seem to be related to him sending the email from a dynamic ip at his home. The 3 HTML ones are because he uses Outlook with default settings.
The emails he sends that get marked as spam are of two types. Sometimes he sends short messages to me asking questions about his hosting or email. He has notoriously bad spelling, punctuation, and grammar. I'm not concerned about these being marked, because they are coming to me.
The other type that get marked are orders for play-by-email Diplomacy.
For now, I've explained to him how to send emails as text.
But the real question is, what are the advantages of scanning authenticated user's emails? All my users are trusted, I'm not a public web host, and I have no concern that any of them will start sending spam.