On Fri, 31 Aug 2018, John Hardin wrote:

> None of the masscheck corpora that hit __HDR_ORDER_FTSDMCXXXX also hit ALL_TRUSTED (or at least the portion is so small it falls off the bottom of the report) so I don't feel too worried about adding either !ALL_TRUSTED or __ANY_EXTERNAL (or potentially both) as exclusions.
>
> I'm adding __ANY_EXTERNAL now...
>
> Comments solicited.

Here's one: should __ANY_EXTERNAL be added to any other rules that primarily look for abused MSFT-isms?

For example, MIMEOLE_DIRECT_TO_MX, DOS_OE_TO_MX, DOS_OUTLOOK_TO_MX, XPRIO_SHORT_SUBJ, ...?

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 [email protected]    FALaholic #11174     pgpk -a [email protected]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Of the twenty-two civilizations that have appeared in history,
  nineteen of them collapsed when they reached the moral state the
  United States is in now.                          -- Arnold Toynbee
-----------------------------------------------------------------------
 519 days since the first commercial re-flight of an orbital booster (SpaceX)
