What about combining this with a whitelist?
I.e. I regularly get emails from target.bifn0.com that contain links that
point to themselves, but say they are target.com And in fact, this is
a 3rd party that Target has contracted to do outsource mailings for them,
so in that respect they are leg
Unfortunately, although many phishing mails would match this rule,
just as many ligitimate messages would as well. Check the archives.
http://www.nabble.com/Detecting-phishing-urls-t1027084.html#a2669493
On Sat, 17 Jun 2006 21:56:03 +0200
Yves Goergen <[EMAIL PROTECTED]> wrote:
Hello,
I'm ru
On 19.06.2006 18:26 CE(S)T, Chris Santerre wrote:
> Why not just use black.uribl.com ? It lists PHISHes.
Trying this out now.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
http://beta.unclassified.de – My web laboratory.
On 19 Jun 2006, at 17:26, Chris Santerre wrote:
> Still I don't know how to create a rule like this. But as someone
else
> in the bug tracker already mentioned a year ago, what SpamAssassin
> misses to do things like that is a 'rawbody' match that uses
> the entire
> message, not only single l
Title: RE: Adding Phishing Link rule
> -Original Message-
> From: Yves Goergen [mailto:[EMAIL PROTECTED]]
> Sent: Sunday, June 18, 2006 5:46 AM
> To: Loren Wilton
> Cc: users@spamassassin.apache.org
> Subject: Re: Adding Phishing Link rule
>
>
> On 18.
On 18.06.2006 03:51 CE(S)T, Loren Wilton wrote:
> The rule you suggest isn't particularly good. There are far too many legit
> mails (mostly mailing list type of things) that do exactly what you want to
> check for. So the FP rate is higher than most people would like.
However, I haven't seen th
On 18.06.2006 04:29 CE(S)T, Theo Van Dinter wrote:
> Actually that is a rule already in 3.1 (HTTPS_IP_MISMATCH) (anchor text
> has to be https w/ some http href which is an IP).
Well, if it really is, it doesn't work.
--
Yves Goergen "LonelyPixel" <[EMAIL PROTECTED]>
http://beta.unclassified.de
On Sat, Jun 17, 2006 at 09:56:03PM +0200, Yves Goergen wrote:
> I'm running SpamAssassin on my Exim MTA and would like to add a rule of
> which I don't think it's built-in yet: Phishing mails commonly have an
> HTML link in them with a target like "http://12.34.56.78/..."; but a
> label like "http[
The rule you suggest isn't particularly good. There are far too many legit
mails (mostly mailing list type of things) that do exactly what you want to
check for. So the FP rate is higher than most people would like. This has
been discussed many times in the past.
That said, I believe there is a
On 17.06.2006 22:05 CE(S)T, Michele Neylon :: Blacknight.ie wrote:
> You could have a look at MailScanner (http://www.mailscanner.info) as
> this has builtin support for phishing checks ...
Sorry, MailScanner doesn't support SMTP-time checks and requires me to
setup 2 separate Exim instances w
You could have a look at MailScanner (http://www.mailscanner.info) as
this has builtin support for phishing checks ...
--
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59
Hello,
I'm running SpamAssassin on my Exim MTA and would like to add a rule of
which I don't think it's built-in yet: Phishing mails commonly have an
HTML link in them with a target like "http://12.34.56.78/..."; but a
label like "http[s]://somedomain/...". This case where the link label is
a domai
12 matches
Mail list logo
