how to write an anti-phishing ruleset (and test?)
Jeff A. Earickson
jaearick at COLBY.EDU
Wed Nov 17 16:51:07 GMT 2004
Gang,
Our alumni office uses one of these click-thru counter services for
the alumni newsletter. They sent out their monthly newsletter a
couple of days ago and all of their URLs got marked as phishing attempts
by MailScanner. They were peeved at me. Now I need to write a
ruleset to exempt the click-thru service and then be able to test it.
A sample bit of URL code is:
<p>See more at <a href="http://www.xyz.com/links/link.cgi?31889|363543|CLY-20041117090021">http://www.colby.edu/eag</a>.</p>
If I email myself this snippet, I can't get MailScanner to bark like it
did for the real message (which came from xyz.com). Why? How to test
a ruleset?
What would a sample anti-phishing ruleset look like? Something like:
#---exempt from xyz.com->colby.edu from anti-phishing tests
From: xyz.com and To: colby.edu no
#---everybody else gets tested
Default: yes
An example in the etc/rules/EXAMPLES file would be nice.
Jeff Earickson
Colby College
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list