I just exported one of the "phishing" emails as mbox and edited it so that the one problematic link points to "http://mandrillapp.thedailywtf.com/..." instead, and imported it again. No phishing warning. changing the link back to "http://mandrillapp.thedailyftw.com" made it get detected again. So a subdomain should help (in case you don't want to be detected as a phishing mail, that is).