4.35.11: more phony phishing phailures

Jeff A. Earickson jaearick at COLBY.EDU
Fri Nov 5 21:02:44 GMT 2004


I just got a complaint about this from in-house, where the guy
has our URL in his signature, and he uses HTML email.  The snippet
from his HTML email is:

</font><font size=3><a href="http://www.colby.edu/" eudora="autourl"><font color="red"><b>MailScanner has detected a possible fraud attempt from "www.colby.edu" claiming to be</b></font> www.colby.edu<br><br>

The syslog from MailScanner said:

MailScanner[7142]: Found phishing fraud from www.colby.edu claiming to be www.colby.edu<br><br>

I suppose the extra br's at the end fouled things up.  Or maybe the
trailing slash at the end of the URL?  Something to contemplate.
Boy, I sure wish the msg id could appear in syslog output...

BTW, I just discovered that the default for Eudora 6.1 is both plain and
html text (they call it "styled text").  Yuck, I hate HTML email.

Jeff Earickson
Colby College

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

More information about the MailScanner mailing list