As you have noted, this is a common situation. Anytime the actual URL does not
closely match the displayed URL you'll get an alert unless it has been added to
an M or X signature in the database. I haven't been convinced that anybody is
maintaining that list of exceptions, so disabling it is
An important email from our university president was quarantined with
Heuristics.Phishing.Email.SSL-Spoof. I submitted the email as an attachment
to ClamAV. I'm also disabling it based on past reports such as
