Characteristics of hammy senders tend to change slowly. They use domains, mail servers, name servers, net handles and policies that are stable for relatively long periods of time. Even the community of travellers (who don't use port 587 or webmail) are using the same general group of home, hotel, and hotspot services.

Characteristics of non-ham senders tend to change very rapidly. They use domains, mail servers, name servers, net handles, routes that change so fast that by the time they are listed on a DNSBL, address blacklist, or SURBL (URLs in spam) blacklist - they have already succeeded in sending a lot of spam and moved on.

There are a few exceptions to these tendencies. Some nethandles, routes, name servers, mail servers - remain stable for relatively long periods while "opt-out email" is sent using domain names owned by the mail server operators.

Domain, nethandle and IP blacklists are very useful for non-ham senders who use their own domain names or have stable characteristics like sticking to the same name servers and IPs.

The Outbound Index may score the new non-ham sender low (low is bad) initially because they are either new and not identifiable or coming from a nethandle or route with security or policy issues. But as the non-ham sender achieves long term stability, the Outbound Index would score his mail high (high is good) if it were not for the work of concientioius watchdog blacklist maintainers.

The Outbound Index steers clear of the business of judging. We have zero info about the content of messages, only basing our tests on the envelope-from domain and connecting IP in the SMTP session. We do not make any distinction about how the sender got the RCPT address or if he has permission to send to it.

We simply note that inherently - those without permission to send must constantly move and change or be blacklisted. Those with no reason to move and change rapidly are those whose mail is generally welcomed by the RCPT.