anti 1ad15470a1 feat(ttp): E.3.8 R0041-R0048 email cohort ...

8 YAMLs for the email cohort per Appendix B: open-relay abuse,
mass phishing, phishing-kit X-Mailer signatures, IDN/punycode
URLs, sender masquerade, malicious attachment, BEC, encoded
payload in body. EmailLifter (E.3.12) consumes by rule_id.

test_email_rules.py: YAML-present + inert-in-v0 + xfail(strict)
precision case gated on E.3.12.

2026-05-01 09:19:56 -04:00

415 B

Raw Permalink Blame History

View Raw