On Fri, 6 Dec 2013, Kelsey Cummings wrote:
> I'm seeing some false positives from the FROM_MISSP_FREEMAIL and suspect
> that the other FROM_MISSP_ rules scored ~4 may have similar issues. The
> message that brought this to my attention was a newsletter from
> vanguard.com.
>
> score FROM_MISSP_FREEMAIL 4.399 3.799 4.399 3.799
> score FROM_MISSP_PHISH 4.749 3.759 4.749 3.759
> score FROM_MISSP_TO_UNDISC 4.100 3.999 4.100 3.999

Are all of them hitting on those messages?

I wonder at the freemail hit - why would a legitimate investment brokerage
with a registered domain be sending newsletters with a FROM address in a
freemail domain? Or is vanguard.com improperly listed as a freemail
domain?

Would you be willing to post the headers from one such message?

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Perfect Security and Absolute Safety are unattainable; beware
those who would try to sell them to you, regardless of the cost,
for they are trying to sell you your own slavery.
-----------------------------------------------------------------------
9 days until Bill of Rights day