anti-phishing ruleset, still no cigar

Jeff A. Earickson jaearick at COLBY.EDU
Wed Nov 17 20:03:06 GMT 2004


I'm beating my head against the wall on this anti-phishing ruleset.  The
email gets actually sent from, with a "from" line of colby, like
so (from the mail headers):

Return-Path: <automailer-bounce at>
(header traffic info removed)
Date: Wed, 17 Nov 2004 14:48:07 -0500 (EST)
From: Colby Alumni Relations <ootb at>
To: Out of the Blue <jaearick at>
Subject: test4

And the URL in the body of the message gets the red flag, like so:

See more at
44457"><font color="red"><b>MailScanner has detected a possible fraud attempt
from "" claiming to be</b></font></a>.

My anti-phishing ruleset looks like so:

    #---exempt sites from anti-phishing rules
    From:   137.146.        no
    From:       no
    From:   no
    From:       no

    #---do anti-phishing on everything else
    FromOrTo:       default yes

Am I doing something stoopid here, or have I hit a bug?  Help!

Jeff Earickson
Colby College

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list