Phishing detection behaviour

[Michael Masse]

I'm trying to come up with a test to consistently trip the phishing detection system so that I will know whether future rules I write will work as intended.   I can send an email from an outside account containing something simple like <a href="www.real.com">www.fake.com</a> and the system detects it properly like it should and puts the proper warning in the body of the email.  The problem is that the next time (and each subsequent time) I send the same email from that same account, the system doesn't detect the problem and lets it through without the phishing warning.  If I change the URL's within the email it will detect the phish attempt again the first time those fake URL's are used, but not any subsequent times I reuse them.   Is this how it's supposed to behave?   I find that hard to believe.   What setting could affect this?
 
-Mike
 
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20110111/9b7356ac/attachment.html