Mailto's being marked as detected fraud attempt.
Marco Benton
marco at XSSNET.COM
Wed Nov 17 18:33:58 GMT 2004
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Martin Hepworth wrote:
> Julian
>
> good question...I'm not sure much can be done apart from tune the thing
> using rules....
>
> I think the phishing detector is showing how badly formatted many URL's
> actually are, esp in legitimate html based marketing emails. I'm not
> sure how many are sent from third party marketing people, rather than
> direct. Perhaps some sort of check on the sending ip-address matching
> the sender domain as well.??? But this means a deeper analysis of the
> whole email, so perhaps it's dropping into a SA 3 plugin solution. Or
> even just making sure people are using the phishing surbl.org URI RBL???
>
> Anyone else any ideas????
i think you are correct... like what SA does with URI's.. you might
have to do a reverse lookup on the URL to see if it matches. SA wont
change the message body but MS will.
but this might add overhead.
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list