IP phishing false positive

Mark Nienberg mark at TIPPINGMAR.COM
Fri Apr 15 20:30:44 IST 2005

Denis Beauchemin wrote:

> Mark Nienberg wrote:
>> MailScanner is warning about phishing fraud for links that contain IP
>> addresses even if the IP address matches the display text.
>> Example:
>> MailScanner has detected a possible fraud attempt from ""
>> claming to be
>> MailScanner 4.40.11-1
> Marc,
> This is probably why:
> # While detecting "Phishing" attacks, do you also want to point out links
> # to numeric IP addresses. Genuine links to totally numeric IP addresses
> # are very rare, so this option is set to "yes" by default. If a numeric
> # IP address is found in a link, the same phishing warning message is used
> # as in the Find Phishing Fraud option above.
> # This can also be the filename of a ruleset.
> Also Find Numeric Phishing = yes
> Denis
I think it should first make sure the link and the display name are
different before it flags as fraudulent.  There is no fraud attempt if
the two match.

Mark Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave
Berkeley, CA 94704
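
The two behaviours discussed in this thread, side by side, as an added example (not part of the original post and not MailScanner's own code): `numeric_always=True` models the quoted "Also Find Numeric Phishing = yes" description, `numeric_always=False` models the proposal to warn only when link and display text differ. The names `host_of`, `Links` and `flagged` are hypothetical, and treating display text that names no host as "different" is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

HOST_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")   # dotted host name or IPv4
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")       # totally numeric host

def host_of(text):
    """Host named by a URL or bare host string, or None if it names none."""
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    except ValueError:
        return None
    return host if HOST_RE.match(host) else None

class Links(HTMLParser):  # collects (href, visible text) for each <a> element
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def flagged(html, numeric_always):
    """Return the hrefs that get a warning under the chosen policy."""
    parser = Links()
    parser.feed(html)
    out = []
    for href, text in parser.found:
        target, shown = host_of(href), host_of(text)
        mismatch = shown != target   # also true when the text names no host
        if target and ((shown and mismatch) or
                       (IPV4_RE.match(target) and (numeric_always or mismatch))):
            out.append(href)
    return out

# Constructed sample body; addresses are from the 192.0.2.0/24 documentation range.
SAMPLE = """<a href="http://192.0.2.10/status">http://192.0.2.10/status</a>
<a href="http://192.0.2.20/login">www.example.com</a>
<a href="http://192.0.2.30/">Click here</a>
<a href="http://www.example.com/">www.example.com</a>"""
```

Only the first sample link changes verdict between the two policies: its display text is the same numeric address as its target, which is the false positive reported above.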
