how to write an anti-phishing ruleset (and test?)
Leif Neland
mailscanner-user at NELAND.DK
Thu Nov 18 00:20:45 GMT 2004
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Jeff A. Earickson <jaearick at COLBY.EDU> wrote:
> Gang,
>
> Our alumni office uses one of these click-thru counter services for
> the alumni newsletter. They sent out their monthly newsletter a
> couple of days ago and all of their URLs got marked as phishing
> attempts by MailScanner. They were peeved at me. Now I need to write a
> ruleset to exempt the click-thru service and then be able to test it.
> A sample bit of URL code is:
>
> <p>See more at <a
> href="http://www.xyz.com/links/link.cgi?31889|363543|CLY-20041117090021">http://www.colby.edu/eag</a>.</p>
>
What is the problem? It is a phishing attempt, and MailScanner is detecting
it,
> If I email myself this snippet, I can't get MailScanner to bark like
> it did for the real message (which came from xyz.com). Why? How to test
> a ruleset?
Are you whitelisting yourself?
Leif¨
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list