A user of my mail system just sent me an FP that hit on BigEvilList_181.
It's from edgar-online.com. From what it looks like, he actually
subscribed to something. Is it possible that this uri should not be
part of the rule? For now, I guess I can either whitelist
*@edgar-online.com, since that's where the email originated, or I can
change the score of this entire rule to 0. Any suggestions?
uri BigEvilList_181
/\b(?:extreme-rapes\.com|excaliburproducts\.com|evansezmoney\.estarnetwo
rk\.com|enjoyadvanced097\.org|emedorders\.com|email\.homemadesimple\.com
|ehostzzz\.net|e-g\.com|efreedomweb\.net|edgar-online\.fundinfo\.wilink\
.com|edgar-online\.com|edgar-online\.ar\.wilink\.com|ecredibledeals\.com
|echofrompeople\.com|e\.1asphost\.com)\b/i
describe BigEvilList_181 Generated BigEvilList_181
score BigEvilList_181 3.0
Thanks,
Mark DeMichele
It's from edgar-online.com. From what it looks like, he actually
subscribed to something. Is it possible that this uri should not be
part of the rule? For now, I guess I can either whitelist
*@edgar-online.com, since that's where the email originated, or I can
change the score of this entire rule to 0. Any suggestions?
uri BigEvilList_181
/\b(?:extreme-rapes\.com|excaliburproducts\.com|evansezmoney\.estarnetwo
rk\.com|enjoyadvanced097\.org|emedorders\.com|email\.homemadesimple\.com
|ehostzzz\.net|e-g\.com|efreedomweb\.net|edgar-online\.fundinfo\.wilink\
.com|edgar-online\.com|edgar-online\.ar\.wilink\.com|ecredibledeals\.com
|echofrompeople\.com|e\.1asphost\.com)\b/i
describe BigEvilList_181 Generated BigEvilList_181
score BigEvilList_181 3.0
Thanks,
Mark DeMichele