On Wed, Feb 15, 2006 at 08:43:13AM -0500, [EMAIL PROTECTED] wrote:
> >2.5 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
> >3.4 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
>
> I thought these were different tests?
>
> 1) test saying that Outlook can not send HTML only email
> 2) the MUA header isn't a legitimate OUTLOOK MUA?
>
> IMHO these rules complement each other

I believe what he's saying is that if we know it's a forged message, there doesn't need to be 2 rules marking the message as "forged from outlook" -- we already know that. I'd like to see some testing to figure out if the two rules can be merged or otherwise tie in together (meta, etc,) so that there's a single forgery rule w/ good hit rates and accuracy.

-- 
Randomly Generated Tagline:
(C) 1992 by Elmer Fudd. All wights wesewved.