Page for SpamAssassin developers t collaboratively jot down some ideas:
Questions: SVM and RF?
trusted networks heuristic:
- doing reverse look-up of HELO, if it matches the user's domain, and forward DNS matches of that matches the IP address, then trust it - does that help? (may be helpful for extending the boundary)
- find an IP that matches exteral MX, know it's external then (probably not as helpful for finding a boundary?)