phishing from same domain?

Ken A ka at PACIFIC.NET
Thu Dec 29 00:40:19 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Hello,

Is there any way to tell the phishing code to ignore matches like this I 
see in the log now and then?

MailScanner[4228]: Found phishing fraud from email.capitalone.com 
claiming to be www.capitalone.com in jBT0Dh5c006095

I'd like it if MailScanner had an option so it would decide something 
was phishing ONLY if the domain name didn't match, but ignore the 
hostname. This assumes that most people can control hosts within their 
own domain, but I think it would be a nice option.

The text of the email:

You can view our privacy policy and contact information at <a 
href="http://email.capitalone.com/TBXX034D3DDDDDD10614XX" 
target="_blank"><font color="red"><b>MailScanner has detected a possible 
fraud attempt from "email.capitalone.com" claiming to be</b></font> 
http://www.capitalone.com</a>.

Thanks,
Ken A

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list