Mailto's being marked as detected fraud attempt.
Martin Hepworth
martinh at SOLID-STATE-LOGIC.COM
Wed Nov 17 12:30:25 GMT 2004
Julian
good question...I'm not sure much can be done apart from tune the thing
using rules....
I think the phishing detector is showing how badly formatted many URL's
actually are, esp in legitimate html based marketing emails. I'm not
sure how many are sent from third party marketing people, rather than
direct. Perhaps some sort of check on the sending ip-address matching
the sender domain as well.??? But this means a deeper analysis of the
whole email, so perhaps it's dropping into a SA 3 plugin solution. Or
even just making sure people are using the phishing surbl.org URI RBL???
Anyone else any ideas????
<rant>
For me this is another reason why non-text emails are a bad idea.....
</rant>
--
Martin Hepworth
Senior Systems Administrator
Solid State Logic Ltd
tel: +44 (0)1865 842300
Julian Field wrote:
> How could I improve it?
>
>
> On 17/11/04 12:01 pm, "Martin Hepworth" <martinh at SOLID-STATE-LOGIC.COM>
> wrote:
>
>>Quentin
>>
>>I'm getting alot of reports about 'broken links' reported by MS in emails.
>>
>>I quick view of the original message does indeed show the link is broken
>>in some way, mainly people sending out HTML email as marketing brochures
>>- ligitimate companies we deal with not 'spam' - where thet send out a
>>brokeb link accidentally in footers or do a phishing style redirect to a
>>link the text claims not to point to.
>>
>>However it is providing many false positives, and although I'm disabling
>>the anti-phishing feature for those domains with a ruleset, it is making
>>me contemplate turning off the feature altogether. Otherwise it merely
>>suffers from the cry wolf problem.
>
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list