Phishing fraud question

Julian Field mailscanner at ecs.soton.ac.uk
Thu Oct 14 11:08:11 IST 2004


<x-flowed>
At 10:29 14/10/2004, you wrote:
>On Thu, 14 Oct 2004 09:31:35 +0100, Julian Field wrote:
> > It's just that phishing detection does detect quite a few false positives
> > due to the stupidity of a lot of newsletter authors who put "fake" links in
> > their material. I don't want people to become used to seeing "{Dangerous
> > Content?}" or whatever, and therefore ignoring it.
>
>Are the majority of the false positives like the example you just sent,
>i.e. a different page on the same host?

Mostly, but not all.

>If so, perhaps you could decide to flag as dangerous content if and only
>if the host is different? After all, if the link is simply going
>somewhere else on the same site there is little, if any, real danger.

Trying to match up any more than I already do is fraught with problems.
People can add in usernames, passwords, all sorts of things to make parsing
the URL very hard. At the moment I only have to look at the "simple" stuff
at the beginning.
--
Julian Field
www.MailScanner.info
MailScanner thanks transtec Computers for their support
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
</x-flowed>



More information about the MailScanner mailing list