how to write an anti-phishing ruleset (and test?)
Julian Field
mailscanner at ecs.soton.ac.uk
Wed Nov 17 17:08:00 GMT 2004
On 17/11/04 4:51 pm, "Jeff A. Earickson" <jaearick at COLBY.EDU> wrote:
> Gang,
>
> Our alumni office uses one of these click-thru counter services for
> the alumni newsletter. They sent out their monthly newsletter a
> couple of days ago and all of their URLs got marked as phishing attempts
> by MailScanner. They were peeved at me. Now I need to write a
> ruleset to exempt the click-thru service and then be able to test it.
> A sample bit of URL code is:
>
> <p>See more at <a
> href="http://www.xyz.com/links/link.cgi?31889|363543|CLY-20041117090021">http:
> //www.colby.edu/eag</a>.</p>
>
> If I email myself this snippet, I can't get MailScanner to bark like it
> did for the real message (which came from xyz.com). Why? How to test
> a ruleset?
>
> What would a sample anti-phishing ruleset look like? Something like:
>
> #---exempt from xyz.com->colby.edu from anti-phishing tests
> From: xyz.com and To: colby.edu no
>
> #---everybody else gets tested
> Default: yes
>
> An example in the etc/rules/EXAMPLES file would be nice.
It looks just like any other ruleset.
From: your-alumni at office.address no
FromOrTo: default yes
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list