In addition to ME_VADESPAM and ME_VADEPHISHING, I'm seeing ME_VADESCAM and ME_VADEDCE.
Based on
this article, which explains some of Vade's terminology, DCE is "bad reputation marketing/Commercial Email" (I'm guessing the D is for disreputable).
There are several Vade headers, but the x-vs= section of the Authentication-Results header seems to be the most complete. I'm seeing entries like:
Code:
x-vs=clean score=69 state=0
x-vs=clean score=91 state=0
x-vs=commercial:dce score=107 state=12
x-vs=commercial:mce score=17 state=11
x-vs=commercial:pce score=7 state=10
x-vs=malware score=9999 state=2
x-vs=phishing score=190 state=101
x-vs=phishing score=300 state=101
x-vs=spam score=100 state=1
x-vs=spam score=700 state=1
x-vs=transactional:account score=20 state=14
x-vs=transactional:alerts score=50 state=14
x-vs=transactional:purchases score=10 state=14
This may be useful for sieve filtering, if it's accurate.
The article I quoted above states: "The score is a arbitrary number given by Vade. It is NOT an indicator that an email is SPAM or SN or any of the other statuses mentioned". Despite that there's a clear threshold of 100.
The state seems to be an alternative version of the classification, but oddly with less information for transactional email.
The phishing classification seems particularly weak. So far I've had 1 FP, on an ordinary email from a family member, and 6 hits on spam. Of those 6 spams, only 1 could be called a phish, and 1 was an obvious ED spam.