Reposting, for those not following the original thread.
I found the following FPs in WS in a large recent ham corpus. I suggest whitelisting all of these.
buckeye-express.com -- Used in a personal email address, looks legit; 7 examples nm.ru -- Used in a personal email address, looks legit advanstar.com -- Legit uses; found in a well-known dental newsletter; also personal email address of one of the editors; 3 messages 00fun.com -- Confirmed, more than one user on our system sent or received eCards from them northstarconferences.com -- Legit conference host site subscribed to by two users; 9 messages in this corpus mardox.com -- Search engine; registered 1875 days ago, and *looks* like the user did actually submit their site to them. postsnet.com -- Registered exactly one year ago, 51 NANAS, blank home page, ehh... but I have 4 different legit newsletters with links to them. webspawner.com -- Created in 1996; free host/email npdor.com -- Surveys; been around since 1999. 103 NANAS, but they've been advertised by some reputable "word of the day" mailers (dictionary.com) Maybe a good candidate for UC. :-) 2 examples imninc.com -- Domain is 507 days old; they do newsletters. At least one of them is legit. :-) worldhealth.net -- It's 3468 days old today (1995). One of our users attended a conference of theirs, and signed up for a newsletter. hoteldiscounts.com -- 2459 days old (1997), found in actual room booking confirmations for Comfort Inn.
- Ryan