Hi, >> (how can a mail >> server be whitelisted while the message body contains a blacklisted >> URL?) > > Pretty trivially; if spam with a blacklisted URI is forwarded from an > account handled by a trusted server, the final recipient will see both a > whitelisted/trusted relay and a blacklisted URI.
Another simple example is mail from Google, such as their "Google Alert", which sends back links in an email every day based on your query. I was more looking for cases where that shouldn't be happening, and one or the other (JMF_W or URIBL_BLACK) were incorrect. It seemed like a good way to find anomalies. When it does happen, what are you supposed to do if it is considered severe enough? Block the server or whitelist the URL? Thanks, Alex
