phishing detection bug

John Wilcock john at TRADOC.FR
Fri Feb 18 16:37:29 GMT 2005

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Julian Field wrote:
> Okay, a simple trap for this one would be that the real URL must contain
> at least one "." character. How about that?

What about octal IP-based hostnames?

What about an intranet case, where a hostname only, with no domain part,
could be perfectly valid? Then again this wouldn't be phishing fodder.

To be sure though, how about requiring either a "." or a "/"?

Apart from that, what about relative URLs used with a <BASE HREF=...>
tag? Does your phishing net currently trap these anyway? If not, perhaps
it should.


-- Over 2500 webcams from ski resorts around the world -
-- Translate your technical documents and web pages    -

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list