A user of my mail system just sent me an FP that hit on BigEvilList_181. It's from edgar-online.com. From what it looks like, he actually subscribed to something. Is it possible that this uri should not be part of the rule? For now, I guess I can either whitelist [EMAIL PROTECTED], since that's where the email originated, or I can change the score of this entire rule to 0. Any suggestions?
uri BigEvilList_181 /\b(?:extreme-rapes\.com|excaliburproducts\.com|evansezmoney\.estarnetwo rk\.com|enjoyadvanced097\.org|emedorders\.com|email\.homemadesimple\.com |ehostzzz\.net|e-g\.com|efreedomweb\.net|edgar-online\.fundinfo\.wilink\ .com|edgar-online\.com|edgar-online\.ar\.wilink\.com|ecredibledeals\.com |echofrompeople\.com|e\.1asphost\.com)\b/i describe BigEvilList_181 Generated BigEvilList_181 score BigEvilList_181 3.0 Thanks, Mark DeMichele
