Which rule caught this message?

Registered users can request specific rule information as part of our false positive handling process.

We do not publish our rulebase contents since they are private and constantly changing. The information would also be misleading since Message Sniffer generally scans elements of each message "in context" - due to the way the system works the rulebase doesn't pecifically list domains or IP addresses per-se, rather it looks for patterns which may include these things.

You can test messages against the rulebase by scanning the message with sniffer from your command line and examining the log file that is produced.

With SNF V3 and above you can configure the SNFServer engine to inject X- headers that include information about the SNF rules that fired. This makes it much easier to track down the rules since it is no longer necessary to cross-reference the message with it's corresponding log entries.