On Fri, 24 Feb 2017 16:26:38 -0500 Alex <mysqlstud...@gmail.com> wrote:
> We've actually had false-positives due to how the list is built into > rules. In other words, "i...@ca.com" is still on the list from 2011. > They're also not bounded by default, so noi...@ca.com and > morei...@ca.com would also be caught, for example. We use MIMEDefang's Perl integration, so we don't compile the list into SA rules. We use a database lookup instead, which does not suffer from the partial-match problem, and we don't load anything older than 6 months into the database. > How do you build the phishing URLs list into rules similar to how the > addresses2spamassassin.pl does for the phishing emails? Same idea; we do it in Perl integration code around SpamAssassin with a database lookup. Regards, Dianne.