how to write an anti-phishing ruleset (and test?)

Julian Field mailscanner at
Wed Nov 17 17:08:00 GMT 2004

On 17/11/04 4:51 pm, "Jeff A. Earickson" <jaearick at COLBY.EDU> wrote:

> Gang,
> Our alumni office uses one of these click-thru counter services for
> the alumni newsletter.  They sent out their monthly newsletter a
> couple of days ago and all of their URLs got marked as phishing attempts
> by MailScanner.  They were peeved at me.  Now I need to write a
> ruleset to exempt the click-thru service and then be able to test it.
> A sample bit of URL code is:
> <p>See more at <a
> href="|363543|CLY-20041117090021">http:
> //</a>.</p>
> If I email myself this snippet, I can't get MailScanner to bark like it
> did for the real message (which came from  Why?  How to test
> a ruleset?
> What would a sample anti-phishing ruleset look like?  Something like:
>     #---exempt from> from anti-phishing tests
>     From: and To:     no
>     #---everybody else gets tested
>     Default: yes
> An example in the etc/rules/EXAMPLES file would be nice.

It looks just like any other ruleset.

From: your-alumni at office.address no
FromOrTo: default yes

Julian Field
Buy the MailScanner book at

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list