A legitimate e-mail passed through my system yesterday that matched three stock rules with default scores:
1.9 RATWARE_OUTLOOK_NONAME 1.4 RATWARE_MS_HASH 2.2 MSGID_DOLLARS Because this is a legitimate e-mail from a legitimate server, does that mean these particular stock rules need a score adjustment or are they maybe a little outdated? Message headers follow: Return-path: <[EMAIL PROTECTED]> Received: from outbound-smtp.firstam.com (outbound-smtp3.firstam.com [69.87.54.8]) by mail1.electronet.net (8.14.0/8.14.0) with ESMTP id l2LL3o67001535 for <[EMAIL PROTECTED]>; Wed, 21 Mar 2007 17:03:51 -0400 Received: from 10.48.129.31 by outbound-smtp.firstam.com with ESMTP ( Hello SMTP Relay); Wed, 21 Mar 2007 14:03:35 -0700 X-Server-Uuid: 6B41F939-E8F2-471D-A9AE-316CEEC949DD Received: from unknown (HELO fahqsna01smxs12.corp.firstam.com) ( [172.17.247.12]) by FAEMSNA01SMXS02.FIRSTAM.COM with ESMTP; 21 Mar 2007 14:03:32 -0700 Received: from TISELRG01SMXS02.corp.firstam.com ([172.27.10.100]) by fahqsna01smxs12.corp.firstam.com with Microsoft SMTPSVC(6.0.3790.1830); Wed, 21 Mar 2007 14:03:31 -0700 Received: from 172.17.22.206 ([172.17.22.206]) by TISELRG01SMXS02.corp.firstam.com ([172.27.10.100]) with Microsoft Exchange Server HTTP-DAV ; Wed, 21 Mar 2007 21:03:29 +0000 Message-ID: <[EMAIL PROTECTED]> MIME-Version: 1.0 X-MimeOLE: Produced By Microsoft Exchange V6.5 From: "Escalona, Edith" <[EMAIL PROTECTED]> Subject: *****SPAM***** RE: family names Date: Wed, 21 Mar 2007 17:03:28 -0400 X-Priority: 3 To: "Curt Hunter" <[EMAIL PROTECTED]> X-OriginalArrivalTime: 21 Mar 2007 21:03:31.0275 (UTC) FILETIME=[615CC9B0:01C76BFC] X-TMWD-Spam-Summary: SEV=1.1; DFV=A2007032108; IFV=2.0.6,4.0-7; RPD=4.00.0004; RPDID=303030312E30413031303230372E34363031394441382E303030353A5343464D4135343334 32342D462D2F4E4553574B563534472F71554B6D71577A564237673D3D; ENG=IBF; TS=20070321220337; CAT=NONE; CON=NONE; X-WSS-ID: 6A1F422F4I018575-01-01 Content-Type: multipart/mixed; boundary="----------=_1174511032-11972-52" X-Spam-Score: 5.403 (*****) MSGID_DOLLARS,RATWARE_MS_HASH,RATWARE_OUTLOOK_NONAME Jason A. Bertoch Network Administrator [EMAIL PROTECTED] ElectroNet Intermedia Consulting 3411 Capital Medical Blvd. Tallahassee, FL 32308 (V) 850.222.0229 (F) 850.222.8771