Category: rules

SMF_BRACKETS_TO Rule

Steve Freegard's new rule SMF_BRACKETS_TO seems quite effective at catching certain recent spam campaigns, roughly 3% of common spam. It fires when the To: header carries an address wrapped in doubled angle brackets, e.g. <<user@example.com>>, which no sane mail client produces. While the majority of this spam is already stopped by DNSBLs, the rule adds a little extra confidence in case an unlisted sender gets through the network rules unscathed.

header SMF_BRACKETS_TO To:raw =~ /<<[^<>]+>>/
describe SMF_BRACKETS_TO Double-brackets around To header address
score SMF_BRACKETS_TO 1.5
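Added example (not from the original post, and not SpamAssassin's own code): a small Python mock of how SpamAssassin evaluates a header rule, so the rule above can be tried against constructed messages offline. It parses only the two directive forms used on this page (header NAME Header =~ /regex/ and score NAME value), treats To:raw as the raw folded header value, and lets a later score line override an earlier one, which is also how the local.cf entries elsewhere on this page switch a rule off with score 0. The sample messages and the extra score line are constructed for the demo.

```python
import re

# Constructed local.cf fragment: the rule from the post plus its describe line.
LOCAL_CF = r"""
header SMF_BRACKETS_TO To:raw =~ /<<[^<>]+>>/
describe SMF_BRACKETS_TO Double-brackets around To header address
score SMF_BRACKETS_TO 1.5
"""

HEADER_RULE = re.compile(r'^header\s+(\S+)\s+(\S+)\s+=~\s+/(.*)/([a-z]*)$')
SCORE_LINE = re.compile(r'^score\s+(\S+)\s+(-?\d+(?:\.\d+)?)$')


def parse_rules(cf_text):
    """Parse the subset of SpamAssassin syntax used on this page:
    'header NAME Header[:raw] =~ /regex/flags' and 'score NAME value'.
    As in SpamAssassin, a later score line overrides an earlier one,
    which is how local.cf disables a rule with 'score NAME 0'."""
    rules, scores = {}, {}
    for line in cf_text.splitlines():
        line = line.strip()
        if not line or line.startswith('#'):
            continue
        m = HEADER_RULE.match(line)
        if m:
            name, spec, pattern, flags = m.groups()
            rules[name] = (spec, re.compile(pattern, re.I if 'i' in flags else 0))
            continue
        m = SCORE_LINE.match(line)
        if m:
            scores[m.group(1)] = float(m.group(2))
    return rules, scores


def header_value(msg_text, spec):
    """Return the text a header rule is matched against. 'Name:raw' keeps
    the folded header exactly as received; plain 'Name' gets it unfolded
    (an approximation of SpamAssassin's decoded header value)."""
    name, _, modifier = spec.partition(':')
    head = msg_text.split('\n\n', 1)[0]
    lines, capturing = [], False
    for line in head.split('\n'):
        if capturing and line[:1] in (' ', '\t'):
            lines.append(line)          # continuation line of the header
            continue
        capturing = line.lower().startswith(name.lower() + ':')
        if capturing:
            lines.append(line.split(':', 1)[1])
    raw = '\n'.join(lines)
    return raw if modifier == 'raw' else re.sub(r'\n[ \t]+', ' ', raw).strip()


def scan(msg_text, rules, scores):
    """Run every header rule; return (total score, names of rules that hit)."""
    hits = []
    for name, (spec, rx) in rules.items():
        score = scores.get(name, 1.0)   # SpamAssassin's default for an unscored rule
        if score == 0:
            continue                    # 'score NAME 0' disables the rule outright
        if rx.search(header_value(msg_text, spec)):
            hits.append((name, score))
    return sum(s for _, s in hits), [n for n, _ in hits]


# Constructed messages: one with the double-bracketed recipient, one normal.
SPAM_MSG = "From: offers@example.net\nTo: <<victim@example.com>>\nSubject: hi\n\nbody\n"
HAM_MSG = "From: alice@example.org\nTo: Bob <bob@example.com>\nSubject: lunch\n\nbody\n"

if __name__ == '__main__':
    rules, scores = parse_rules(LOCAL_CF)
    print(scan(SPAM_MSG, rules, scores))   # (1.5, ['SMF_BRACKETS_TO'])
    print(scan(HAM_MSG, rules, scores))    # (0, [])
    # A later 'score' line, as local.cf would add, overrides the shipped score.
    rules, scores = parse_rules(LOCAL_CF + "score SMF_BRACKETS_TO 0\n")
    print(scan(SPAM_MSG, rules, scores))   # (0, [])
```

To tune rather than disable the rule, append a score line with a different value to local.cf; the last score line read wins, exactly as the mock does.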

Rule FSL_RU_URL is dangerous

https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6533

This rule was accidentally auto-promoted into the live sa-update rules channel. It may well be effective against the many .ru URLs common in spam, but penalising every message that merely contains a .ru URL is far too broad to be safe as a default rule. SpamAssassin upstream has corrected its procedures to prevent an issue like this from happening again, but unfortunately they have been having some temporary problems pushing out a new rule update. Meanwhile, it is a good idea to disable this rule in your local.cf:

score FSL_RU_URL 0

On the other hand, if you really never expect to receive legitimate mail containing a .ru URL, you may choose to keep this rule active by giving it an explicit non-zero score in your local.cf. It is not recommended, though.


Disable DNS_FROM_AHBL_RHSBL

Apparently the AHBL RHSBL has been performing very poorly: it hit only 0.072% of spam in the August 2009 rescore masscheck and 0.02% in recent masschecks. That is not worth a DNS query for every message you scan. The rule is not harmful, but disabling it saves a lookup per message if you want a little more efficiency. Insert the line below into your local.cf and restart your spamd daemon.

score DNS_FROM_AHBL_RHSBL 0


CACHEREDIR Rule: Prevent Google cache redirector abuse

UPDATE: 2/2/2011
Masscheck results indicate spammers stopped abusing Google cache as a redirector about three weeks ago. It appears that redirects already in the cache still work, but Google may have changed its system so that new ones no longer get into the cache. We will continue to keep an eye on this.

UPDATE: 1/6/2011 – now catches more variations

For the past month or more spammers have been abusing Google's cache as a link redirector. Normally, if a spammer includes links in the message body, the message is easy to identify as spam because the domain of that URI is listed in the numerous URIBLs. By pointing the link at Google's cache instead, the only domain the URIBLs get to see is Google's, so these messages often slip past with a low overall score. Read more for the custom rule syntax and analysis.
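Added example, not part of the original post and not the CACHEREDIR rule itself (its syntax is not reproduced on this page): a Python sketch of why a cache redirector defeats URIBL lookups, and of the unwrapping a detector needs to do. It assumes the cache link form ...search?q=cache:<target> on a google.com or googleusercontent.com host, uses a constructed set of domains as a stand-in for a real URIBL lookup, and runs over a constructed spam body.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for a URIBL: domains a real list lookup would flag.
BLOCKLISTED = {'spammer-example.test'}

URL_RE = re.compile(r'https?://[^\s"\'<>]+', re.I)
GOOGLE_HOSTS = ('google.com', 'googleusercontent.com')   # assumption: where cache links live


def hostname(url):
    return (urlsplit(url).hostname or '').lower()


def unwrap_google_cache(url):
    """If url is a Google cache link (assumed form ...search?q=cache:<target>),
    return the target URL the cache would serve; otherwise None."""
    host = hostname(url)
    if not any(host == d or host.endswith('.' + d) for d in GOOGLE_HOSTS):
        return None
    for value in parse_qs(urlsplit(url).query).get('q', []):   # parse_qs already %-decodes
        if value.lower().startswith('cache:'):
            target = value[len('cache:'):]
            if not re.match(r'https?://', target, re.I):       # scheme may be omitted
                target = 'http://' + target
            return target
    return None


def hosts_for_uribl(body, unwrap):
    """Hostnames a URIBL check would query for this body. With unwrap=False
    this is what a plain URI scan sees; with unwrap=True the cache links
    are followed to the domain actually being advertised."""
    hosts = set()
    for url in URL_RE.findall(body):
        hosts.add(hostname(url))
        if unwrap:
            target = unwrap_google_cache(url)
            if target:
                hosts.add(hostname(target))
    return hosts


def uribl_hits(body, unwrap=True):
    return sorted(hosts_for_uribl(body, unwrap) & BLOCKLISTED)


# Constructed spam body: the only visible links point at Google's cache.
SPAM_BODY = """Great deal today, see
http://webcache.googleusercontent.com/search?q=cache:http://spammer-example.test/buy&hl=en
and http://www.google.com/search?q=cache%3Aspammer-example.test%2Fbuy
"""

if __name__ == '__main__':
    print(uribl_hits(SPAM_BODY, unwrap=False))  # [] : URIBLs only see Google's hostnames
    print(uribl_hits(SPAM_BODY, unwrap=True))   # ['spammer-example.test']
```

The point of the exercise is the first result: a naive scan queries only Google's hostnames, which no URIBL will ever list, so a rule that scores the redirector pattern itself (or that unwraps it before the URIBL lookup) is needed to recover the spammer's domain.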