Mailto's being marked as detected fraud attempt.

Martin Hepworth martinh at SOLID-STATE-LOGIC.COM
Wed Nov 17 12:30:25 GMT 2004


good question...I'm not sure much can be done apart from tune the thing
using rules....

I think the phishing detector is showing how badly formatted  many URL's
actually are, esp in legitimate  html based marketing emails. I'm not
sure how many are sent from third party marketing people, rather than
direct. Perhaps some sort of check  on the sending ip-address matching
the sender domain as well.??? But this means a deeper analysis of the
whole email, so perhaps it's dropping into a SA 3 plugin solution. Or
even just making sure  people are using the phishing URI RBL???

Anyone else any ideas????

For me this is another reason why non-text emails are a bad idea.....
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300

Julian Field wrote:

> How could I improve it?
> On 17/11/04 12:01 pm, "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
> wrote:
>>I'm getting alot of reports about 'broken links' reported by MS in emails.
>>I quick view of the original message does indeed show the link is broken
>>in some way, mainly people sending out HTML email as marketing brochures
>>- ligitimate companies we deal with not 'spam' - where thet send out a
>>brokeb link accidentally in footers or do a phishing style redirect to a
>>link the text claims not to point to.
>>However it is providing many false positives, and although I'm disabling
>>the anti-phishing feature for those domains with a ruleset, it is making
>>me contemplate turning off the feature altogether. Otherwise it merely
>>suffers from the cry wolf problem.
> --
> Julian Field
> Buy the MailScanner book at


This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list