Hey, John et al. It's been a while. I hope things are going well. I've found an FP on URI_TRY_3LD from https://mynews.apple.com/subscriptions?… that you could solve by adding a new alternation to the relevant negative lookahead in that regex:
-uri URI_TRY_3LD m,^https?://(?:try|start|get(?!.adobe)|save|check(?!out)|act|compare|join|learn|request|visit(?!or)|my(?!sub|turbotax)w)[^.]*.[^/]+.(?:com|net)b,i +uri URI_TRY_3LD m,^https?://(?:try|start|get(?!.adobe)|save|check(?!out)|act|compare|join|learn|request|visit(?!or)|my(?!news.apple.|sub|turbotax)w)[^.]*.[^/]+.(?:com|net)b,i However, with its hit freqs [1] show an S/O hovering around 0.100 and with the GA consistently scoring it so close to your specified 2.000 limit, I doubt this tweak will help enough. I suggest further FP mitigations and perhaps a lower score limit. -Adam Links: ------ [1] https://ruleqa.spamassassin.org/20210401-r1888263-n/URI_TRY_3LD/detail
