Hit- or score-based Filtering
As a general rule: Hit-based filtering is more straightforward.
Less thought, quicker configuration, faster processing with the chance
of more false positives .
And score-based filtering is the opposite.
If a rule or a DNSBL hits, its Spam. No discussion, a simple black
and white view. Stop the work and proceed with the next message.
Not black and white any more. Instead you define a negative
limit of points, called 'score'. The score a message has collected
at the end of all checks (!) is the final judgement about its state:
SPAM or not SPAM.
Every check can add positive or negative points. The number of points
a check adds is a value for its accuracy or your 'trust' value for
this rule. If you have a rule that has too many false positives
assign a low number of negative points. If you have a very trustable
rule, assign a lot of negative points. If you have a rule that detects
possible false positives, give it a positive number of points.
You see: Not so easy. But you can fine-tune the concept for your
And what else?
Mix it! It is possible to use both option: If 3 DNSBLs hit, it's
Spam. But if only 2 hit, give the message -200 points and continue
proceeding. Some Expression filters, the language filter or the BLAST-filter
might add or lessen some points and at the end we'll have a final