I've noticed in a lot of these phishing messages they will have links hiding the real 
URL behind a fake but genuine looking URL, like the following:

<a href="http://www.visa.com:UserSession=2f6q9uuu88312264trzzz55884495&usersoption=SecurityUpdate&[EMAIL PROTECTED]/~gotiere/verified_by_visa.htm">http://www.visa.com</a>

Have any spamassassin rules been written to match links with a URL in the display text 
("http://www.visa.com" in this example) in which the domains differ ("www.visa.com" vs 
"63.247.87.138")?

- Philip

----------
Philip Tucker
Zix Research Center
214.370.2068




_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
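
The check asked about above, sketched in Python as an added example; it is not part of the original post and is not a SpamAssassin rule. The sample HTML and the names LinkAuditor and find_mismatched_links are constructed for illustration, and the hosts are reserved test values.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Anchor text that itself starts with a URL or bare hostname.
TEXT_HOST = re.compile(r"^\s*(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", re.I)

# Constructed sample (reserved test names and addresses, not from the post).
SAMPLE = (
    '<a href="http://www.example-bank.test:UserSession=c0ffee&usersoption='
    'SecurityUpdate@192.0.2.10/~user/verify.htm">http://www.example-bank.test</a>'
    '<a href="http://www.example.org/help">example.org</a>'
    '<a href="http://192.0.2.10/">Click here</a>'
)

def norm(host):
    """Lowercase and drop a leading 'www.' so www.x and x compare equal."""
    host = host.lower()
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Records (shown_host, real_host) when anchor text names a different host."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.mismatches = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = TEXT_HOST.match("".join(self.text))
        try:
            # .hostname discards userinfo (everything before the last '@'),
            # leaving the host the client really connects to.
            real = urlsplit(self.href).hostname
        except ValueError:  # malformed href, nothing to compare
            real = None
        if shown and real and norm(shown.group(1)) != norm(real):
            self.mismatches.append((shown.group(1).lower(), real))
        self.href = None

def find_mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    return auditor.mismatches
```

Only anchors whose visible text begins with a hostname are compared, so generic text such as "Click here" is never flagged by this check.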
