Robert Lopez wrote: > I have been reading other threads about white list problems. > > In the past week this college has been phished very successfully two > times. Each time the rules I added to increase the score of college > specific phishing email were counter balanced. > On Saturday night it was the white-list score from RCVD_IN_DNSWL_MED > (-4.00) for a compromised government account. > On Monday morning it was the white-list score from > HABEAS_ACCREDITED_SOI (-4.30) for a compromised commercial account. > > In each of these cases, it was the first time I realized the rule used > had an associated list being used of which I was previously unaware. > > How do I determine how many other such lists are being used without my > knowledge?
You go study the ruleset that you are using. I know it's tedious, but if you want to know how and what you're filtering, it's the only way. /Per Jessen, Zürich