On Tue, 04 Dec 2012 22:37:44 +0100 Eric Krona <e...@itomat.se> wrote:
> We have a few users who get a lot of emails asking them to report > their webmail usage, often linking to a google spreadsheet. They slip > passed spamassassing, likely because they are translated to swedish, > but the mail is clearly spam. We generally catch these with Bayes, but you might want to look at this project: http://sourceforge.net/projects/aper/ Their phishing_links file did have the URL you reported in it: docs.google.com / spreadsheet / viewform ? formkey = dDZaYjFYM1dlWUFKakVUX0FHY2ZTaWc6MQ So all some kind soul needs to do is write a SpamAssassin plugin that gets the link list from the project and looks for URLs in message bodies (or even just the Google formkey values which are pretty likely to be unique.) Oh, somewhat off-topic but in case anyone with clout at Google is reading this: More than a year ago, I recommended to Google that all of their user-created forms should display this text: "This is a user-created form hosted at Google. Do not enter sensitive information such as credit card numbers or passwords. If you are asked to enter such information, please report this form as abusive." but Google never got back to me. It seems to me they're complicit in helping phishers... Regards, David.
