Hit- or score-based Filtering?

Hit- or score-based Filtering

As a general rule: Hit-based filtering is more straightforward. Less thought, quicker configuration, faster processing with the chance of more false positives .

And score-based filtering is the opposite.

Hit-based Filtering

If a rule or a DNSBL hits, its Spam. No discussion, a simple black and white view. Stop the work and proceed with the next message.

Score-based Filtering

Not black and white any more. Instead you define a negative limit of points, called 'score'. The score a message has collected at the end of all checks (!) is the final judgement about its state: SPAM or not SPAM.

Every check can add positive or negative points. The number of points a check adds is a value for its accuracy or your 'trust' value for this rule. If you have a rule that has too many false positives assign a low number of negative points. If you have a very trustable rule, assign a lot of negative points. If you have a rule that detects possible false positives, give it a positive number of points.

You see: Not so easy. But you can fine-tune the concept for your special needs.

And what else?

Mix it! It is possible to use both option: If 3 DNSBLs hit, it's Spam. But if only 2 hit, give the message -200 points and continue proceeding. Some Expression filters, the language filter or the BLAST-filter might add or lessen some points and at the end we'll have a final judgement...