This morning i found a lot of ham in my maybe-spam inboxes (1-4 points).
I found that this rule was hitting:
* 4.0 FROM_FMBLA_NEWDOM From domain was registered in last 7 days
and the common pattern in the messages was that the From: addresses were
all @gmail.com. All of the messages were normal legit messages, some on
weewx-users list, and some were commit messages from pkgsrc-wip.
I had earlier upped the score of this rule as I found it to work very
well.
(Yes, I know that doesn't count as an FP under strict SA doctrine, esp
since I had upped the score. But it's still wrong for FROM_FMBLA_NEWDOM
to fire on gmail.com which is... not new.)
I reran SA on one message just now, and it scored normally, with no
FROM_FMBLA_NEWDOM hit.
This seems to be fresh.fmb.la as described:
https://fmb.la/pages/about
So I wonder if anybody else got a bunch of incorrect hits from fmb.la?
I found that this rule was hitting:
* 4.0 FROM_FMBLA_NEWDOM From domain was registered in last 7 days
and the common pattern in the messages was that the From: addresses were
all @gmail.com. All of the messages were normal legit messages, some on
weewx-users list, and some were commit messages from pkgsrc-wip.
I had earlier upped the score of this rule as I found it to work very
well.
(Yes, I know that doesn't count as an FP under strict SA doctrine, esp
since I had upped the score. But it's still wrong for FROM_FMBLA_NEWDOM
to fire on gmail.com which is... not new.)
I reran SA on one message just now, and it scored normally, with no
FROM_FMBLA_NEWDOM hit.
This seems to be fresh.fmb.la as described:
https://fmb.la/pages/about
So I wonder if anybody else got a bunch of incorrect hits from fmb.la?