Pretty obviously a spam, I'm surprized that it didn't get a lot of "fake order"
type of points.
Here is the (or at least one) double URL that it caught:
;" href=3D"ht=
tps://nam02.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fsojaprote=
in.rs
Hello,
This rule is indicating that the To/From headers look a bit weird, as well
as having a "double URL" - a URL within the email has a URL embedded within
it. From runon is a sub rule looking for correct spacing on the From header.
It is the combination of these that is causing the rule to fir
