This zimlet checks the result from Spam Assassin and alerts the user when certain tags are found. In addition it enforces the zimbraPrefShortEmailAddress setting to be FALSE as that allows the user to see the used email FROM address. The Zimlet also checks for suspicious characters in headers, like the NULL character etc. See also Mailsploit and bug 108709.
I deployed the Zimlet in an organisation with 700 users, and pointed the
alertmailproperty to the helpdesk ticketing system, after a few weeks of increased incoming tickets and configuring the
ignorelistReturnPaththe number of false positives dropped, and now the alert is really valuable to the user.