anti-phishing ruleset, still no cigar
Jeff A. Earickson
jaearick at COLBY.EDU
Wed Nov 17 20:03:06 GMT 2004
Julian,
I'm beating my head against the wall on this anti-phishing ruleset. The
email gets actually sent from xyz.com, with a "from" line of colby, like
so (from the mail headers):
Return-Path: <automailer-bounce at xyz.com>
(header traffic info removed)
Date: Wed, 17 Nov 2004 14:48:07 -0500 (EST)
From: Colby Alumni Relations <ootb at colby.edu>
To: Out of the Blue <jaearick at colby.edu>
Subject: test4
And the URL in the body of the message gets the red flag, like so:
See more at
<a
href="http://www.xyz.com/links/link.cgi?31957|9003843|CLY-200411171
44457"><font color="red"><b>MailScanner has detected a possible fraud attempt
from "www.xyz.com" claiming to be</b></font>
http://www.colby.edu/eag</a>.
My anti-phishing ruleset looks like so:
#---exempt sites from anti-phishing rules
From: 137.146. no
From: 127.0.0.1 no
From: xyz.com no
From: colby.edu no
#---do anti-phishing on everything else
FromOrTo: default yes
Am I doing something stoopid here, or have I hit a bug? Help!
Jeff Earickson
Colby College
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list