Google has presented us with a rather huge list of sites at which malware/phishware has been spotted. You may wish to examine this list with any existing software you are presently using to filter out phishermen, etc. Its quite a large list; over 3000 entries and very difficult to manipulate. My thinking is perhaps add it to your procmail.rc file.
formatting link
PAT