Mailto's being marked as detected fraud attempt.

Quentin Campbell Q.G.Campbell at NEWCASTLE.AC.UK
Wed Nov 17 08:04:43 GMT 2004 

Julian

I installed your latest version of Message.pm (the 166111 byte version)
early on Tuesday.

Prior to that the log entries read:

  "Found phishing fraud from mailto:bloggs at domain.com claiming to be
bloggs at domain.com"

After installing this fixed version (166111 bytes) the logs entries now
read:

  "Found phishing fraud from dave at somewhere.com claiming to be
mailto:dave at somewhere.com"

The latter looks more believable but still not desirable in my view. Why
can't this special case be ignored? 

I made the change to the 166111 byte version at about 08:20 on Tuesday.
Later that day complaints started coming in about messages being
"mangled". The complainants usually did not include the affected
message. When they did it was clear the "mangled" messages had actually
been received on the Monday, _before_ I installed your latest
Message.pm.

Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX:   +44 191 222 8765    United Kingdom, NE1 7RU.
------------------------------------------------------------------------
"Any opinion expressed above is mine. The University can get its own." 

 


________________________________

        From: MailScanner mailing list
[mailto:MAILSCANNER at JISCMAIL.AC.UK] On Behalf Of Julian Field
        Sent: 16 November 2004 15:25
        To: MAILSCANNER at JISCMAIL.AC.UK
        Subject: Re: Mailto's being marked as detected fraud attempt.
	
	
        I published the one yesterday to stop this problem. Are you 100%
sure you are using the right version? It should be 166111 bytes long.
	
	
        On 16/11/04 12:39 pm, "Ed Bruce" <ebruce at HPMICH.COM> wrote:
	
	

                I'm seeing this problem now were mailto: is being marked
as detected fraud attempt. I've just installed the latest Message.pm
from yesterday.
        	
        	

        -- 
        Julian Field
        www.MailScanner.info
        Buy the MailScanner book at www.MailScanner.info/store
	
        PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
        ------------------------ MailScanner list
------------------------ To unsubscribe, email jiscmail at jiscmail.ac.uk
with the words:
        'leave mailscanner' in the body of the email.
        Before posting, read the MAQ (http://www.mailscanner.biz/maq/)
        and the archives
(http://www.jiscmail.ac.uk/lists/mailscanner.html). 
	
        Support MailScanner development - buy the book off the website! 

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list