Hi, On Sun, Sep 25, 2016 at 3:46 PM, Sean Greenslade <s...@seangreenslade.com> wrote: > On Sun, Sep 25, 2016 at 03:39:20PM -0400, Alex wrote: >> I think it must be something more than that. I've included the HTML >> component of an FP I received, and I don't see any occurrences of an >> https link where the text component is just http, or even vice-versa. >> >> http://pastebin.com/BNM9sLRL >> >> The HTML is a bit hard to read. Let me know if you want the whole >> email (which is even harder, consider it's encoded, so you'd have to >> actually run it through SA). > > If you want to see what that rule's code looks like, here's a link: > > https://fossies.org/dox/Mail-SpamAssassin-3.4.1/classMail_1_1SpamAssassin_1_1Plugin_1_1HTTPSMismatch.html > > It's possible there is a bug in that rule. If you send it through > SpamAssassin with debug enabled, the rule should print out the domain > pairs that trigger it. Maybe try that, and see if what it outputs makes > sense.
I should have mentioned that I tried that - it doesn't.