Anti-spear-phishing, round 2

Mark Sapiro mark at
Tue Jan 13 04:33:40 GMT 2009

On Mon, Jan 12, 2009 at 09:12:23AM -0500, Denis Beauchemin wrote:
> I got what really looks like a FP with one of the email addresses from 
> your script... what would be the best way to correct this ?  Write an SA 
> rule with a negative score for that address ? Or is there some 
> whitelisting mechanism built in ?
> Thanks!
> Denis
> PS: the address is jmcelhaney @ uchc . edu (without the spaces).

That address is in the list at

If it really is a FP, you could try to contact the project via
<> and see if it can
be removed.

Alternatively, you could add a line

  next if /^jmcelhaney\@uchc\.edu$/;

in between the lines:

  next unless /^.+\@.+\..+$/; # Only interested in email addresses.

  push @addresses, $_; # This is for the report

in the script to skip that address. That's the "whitelisting" mechanism :)

Mark Sapiro mark at msapiro net       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list