4.35.11: more phony phishing phailures
Jeff A. Earickson
jaearick at COLBY.EDU
Fri Nov 5 21:02:44 GMT 2004
Julian,
I just got a complaint about this from in-house, where the guy
has our URL in his signature, and he uses HTML email. The snippet
from his HTML email is:
</font><font size=3><a href="http://www.colby.edu/" eudora="autourl"><font color="red"><b>MailScanner has detected a possible fraud attempt from "www.colby.edu" claiming to be</b></font> www.colby.edu<br><br>
The syslog from MailScanner said:
MailScanner[7142]: Found phishing fraud from www.colby.edu claiming to be www.colby.edu<br><br>
I suppose the extra br's at the end fouled things up. Or maybe the
trailing slash at the end of the URL? Something to contemplate.
Boy, I sure wish the msg id could appear in syslog output...
BTW, I just discovered that the default for Eudora 6.1 is both plain and
html text (they call it "styled text"). Yuck, I hate HTML email.
Jeff Earickson
Colby College
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
More information about the MailScanner
mailing list