Combinations and pitfalls

Some tools combine methods (e.g. SpamAssassin does header analysis and content scanning).

All methods carry a risk of false positives or false negatives:

Header mismatches: Mostly reliable, but SPF and Sender ID screw up forwarding and also trip up roaming users.

Blacklists: Be sceptical about how they're generated. Some are extremely inclusive (whole /16s not uncommon), some are out of date, and some have been manipulated in personal vendettas.

Greylisting: Delivery delay for the initial message. A large pool of outgoing SMTP servers that picks the retrying server at random could trip it up. (Most of these sites are seeing sense.)

Greytrapping: Vulnerable to spam-generated “message undeliverable” backscatter to trap addresses.
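
The greylisting pitfall above, as an added example that is not part of the original page: a minimal greylist keyed on exact source IP, sender and recipient, fed retries from a pool of outgoing servers. The pass time, retry interval, addresses, pool size and the option of keying on the /24 instead of the exact IP are all assumptions constructed for illustration.

```python
import ipaddress
import itertools
import random

PASSTIME = 25 * 60      # assumed: seconds a tuple must age before a retry passes
RETRY_EVERY = 30 * 60   # assumed: sender's retry interval, in seconds
# Constructed sample pool: 8 outgoing servers in one /24 (documentation range).
POOL = [f"192.0.2.{i}" for i in range(10, 18)]


class Greylist:
    """Minimal greylist keyed on (source, envelope sender, envelope recipient)."""

    def __init__(self, prefix_len=32):
        self.prefix_len = prefix_len   # 32 = exact IP, 24 = key on the /24
        self.first_seen = {}

    def check(self, ip, mail_from, rcpt_to, now):
        net = ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)
        first = self.first_seen.setdefault((net, mail_from, rcpt_to), now)
        # Accept only a retry of a tuple first seen at least PASSTIME ago.
        return now - first >= PASSTIME


def attempts_until_delivery(pick_ip, prefix_len=32, max_attempts=1000):
    """Count SMTP attempts until one message gets through a fresh greylist."""
    greylist = Greylist(prefix_len)
    for n in range(max_attempts):
        if greylist.check(pick_ip(), "alice@example.org", "bob@example.net",
                          n * RETRY_EVERY):
            return n + 1
    return None


def single_server():
    return attempts_until_delivery(lambda: POOL[0])


def random_pool(seed, prefix_len=32):
    rng = random.Random(seed)
    return attempts_until_delivery(lambda: rng.choice(POOL), prefix_len)


def worst_case_pool():
    cycle = itertools.cycle(POOL)   # every retry comes from a not-yet-seen server
    return attempts_until_delivery(lambda: next(cycle))

if __name__ == "__main__":
    print(single_server(), random_pool(1), worst_case_pool(), random_pool(1, 24))
```

With one sending server the message passes on the first retry; with the pool, each retry that lands on a new IP restarts the wait, up to one attempt per server plus one.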