Take a look at this message from ALM Expo. It's a message that I wasn't expecting, but I was glad to receive because I write for CM Crossroads and do expect to get mail from them. And I'm talking at the ALM Expo. Looks perfectly ok, right?
It had three strikes against it: first GMail stuck it in the spam folder so I fished it out by clicking "Not Spam", then POPFile thought it was spam and stuck it in my spam folder and finally Thunderbird reported that it thought the message was an email scam (i.e. phishing).
I don't know what GMail saw that it didn't like, I know that POPFile saw some suspicious words (like unsubscribe, unlimited and event) and the email used font size 1 (a favorite of spammers).
According to this post Thunderbird's scam filter looks for forms in email, URLs that don't go where they say they do and IP address-only URLs. The email doesn't appear to contain any of those things. Anyone know if it's possible to get Thunderbird to give its reasoning?