I made some changes to the way we process spam on our servers. Since ai.mit.edu and some of the other "legacy" domains are entirely virtualized (i.e. all addresses in them simply forward to address at other domains) I disabled content-based spam filtering on mail to them. This won't affect most people, since they've undoubtedly got spam filtering at their final destination (e.g. csail.mit.edu or mit.edu). I've re-enabled rejection of messages to lists.csail.mit.edu that get SA scores of 20 or higher during the SMTP "data" phase. However, in order to avoid sending spurious bounces, we don't reject mail on the list server if it was received from another server on our network, since that server would end up sending a bounce to some (most likely completely innocent) third party. In those cases, we add the standard message headers so list admins can filter traffic to their lists as described at Mailing List Spam Filtering.

Another change that I made effectively whitelists mail from authenticated senders. That's helpful because some people send mail from hosts that might otherwise look like spam senders, but we can be sure that they're actually sending legit mail because they've provided a username and password or client certificate.