On 10/12, Christian Grunfeld wrote:
Many phishing mails exploit the bad knowledge of the difference
between real url and link anchor text by simple users. So they show
On 10/12/2011 2:25 PM, dar...@chaosreigns.com wrote:
Does spamassassin really not have a rule to detect this? I just dug
up a perfect example - trying to look like an email from youtube, with
something like
'<a href="http://phishingjunk.com";>http://www.youtube.com/stuff</a>',
and it didn't hit any rule that seemed relevant to that bit of deception.
It certainly seems like it would be very useful. I see there's a
__SPOOFED_URL rule, but it's hard to read and doesn't have a description.
On 12.10.11 14:49, Bowie Bailey wrote:
This is an issue that comes up on this list occasionally. It sounds
like a good idea at first, but when you start looking into it, you find
that there is WAY too much legitimate email that does this for the rule
to be useful.
much of those could be detected and/or whitelisted
(or, at least blacklisted, to prevent phishing coming to someone's
users).
While I have no doubt there is much of wanted mail with URL and text
mismatch, I still would like to have such rule.
That could be used at least in meta rules on many systems.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Save the whales. Collect the whole set.
