You're going to get a *lot* of meaningless hits on some of these -- any mail from level3.net, for example. They'd score a hit on your rules, and they're a pretty decent-sized ISP with a *lot* of legit servers (including a few of mine). You'd also get automatic hits for sending mails from servers named, oh, smtp1.mydomain.com and smtp2.mydomain.com, which is a very common naming convention for sites with multiple servers.

I'd be interested to see what a GA test showed on these, but I suspect you'd get almost as many FPs as you would legitimate hits (if not more) on a lot of these rules.

Fred I-IS.COM wrote:

I'll have to admin, I was bored this morning.  I created a set of rules to
look for domains that include numbers.

IE: www.domain3.com
IE: www.domain3domain.com
Etc..




Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

This message is intended only for the use of the person(s) listed above as the 
intended recipient(s), and may contain information that is PRIVILEGED and 
CONFIDENTIAL.  If you are not an intended recipient, you may not read, copy, or 
distribute this message or any attachment. If you received this communication in 
error, please notify us immediately by e-mail and then delete all copies of this 
message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the 
Internet is not secure. Do not send confidential or sensitive information, such as 
social security numbers, account numbers, personal identification numbers and 
passwords, to us via ordinary (unencrypted) e-mail.

Reply via email to