xml-sig is already using the spamassassin stuff. I asked Greg Ward about it, and he said that some internal DNS issues are holding up checking against the RBL lists, which explains the recent leakage. Until then, the filter is tightened so more stuff will need manual approval (by me). /r$