On Wed, 12 Oct 2011, Christian Grunfeld wrote:
It certainly seems like it would be very useful. I see there's a
__SPOOFED_URL rule, but it's hard to read and doesn't have a description.
This is an issue that comes up on this list occasionally. It sounds
like a good idea at first, but when you start looking into it, you find
that there is WAY too much legitimate email that does this for the rule
to be useful.
But I didnt talk about a rule that adds a score ! I talk about writing
the real url in the body next the anchor text and let the user see if
both "agree" or not or if the url looks familiar to him.
SA is a scoring filter, not a modifcation filter. Changing SA to rewrite
message bodies is, I think most if all will agree, beyond the scope of
what SA is intended to do, and beyond the scope of what it _should_ do.
Certainly SA should detect and score such obfuscation, if the FP rate can
be kept low. But controlling what the end user sees in the body of the
mail is properly the MUA's job.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Maxim XXIX: The enemy of my enemy is my enemy's enemy. No more.
No less.
-----------------------------------------------------------------------
307 days since the first successful private orbital launch (SpaceX)
