phishing net suggestion

Mark Nienberg mark at TIPPINGMAR.COM
Tue Feb 22 18:19:08 GMT 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Is there any chance an option could be added to the phishing net feature
so when MailScanner dectects something like this:

<a href="http://www.phishing.link">http://www.display.link</a>

it replaces it with somethng like this:

<a
href="http://www.mydomain.com/warning.php?link=www.phishing.link&display=www.display.link">http://www.display.link</a>

Then, if the user clicks on the link, he or she will be taken to a
dynamically generated (php or a perl cgi) page on our own website that
will explain the potential phishing attack, show the link as it
displays, and show the actual link.  It could include a working link to
the actual link in case the user really wants to go there (or in case of
false positive).  Help desk info, etc could also be included.

It has the advantage that false positives are not even noticeable unless
the user clicks on the link.  It allows a much better explanation of
what the possible problem is.  It could include links to general
information on the internet regarding phishing, etc.

I suppose someone who runs a high volume website could even have a
generic page for other mailscaner admins to use if they don't have their
own webserver set up.

--
Mark Nienberg, SE
Tipping Mar + associates
1906 Shattuck Ave
Berkeley, CA 94704
http://www.tippingmar.com

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!




More information about the MailScanner mailing list