Handling phishing false positives

David Lee t.d.lee at DURHAM.AC.UK
Fri Jan 21 17:21:32 GMT 2005 

On Fri, 21 Jan 2005, Julian Field wrote:

> The latest beta includes a "phishing whitelist" so that in your example
> below you would add
>   ugly.thing
> to the whitelist file and it would not be caught by the phishing net.
>
> This means you can pretty much eliminate false positives altogether
> after a while.

Thanks.  That's useful and helpful to know.

My main questions, which I think are still valid, are from a wider
perspective than simply "me at my site for my users' sake":

>> 1. Julian: Do you have a mechanism by wish we can report "false
>> positives"
>>    to you so that you can see whether there are other criteria that might
>>    help you reduce even further the f.p. rate in MS?
  [ Clarification: might there be any systematic f.p. symptoms which the
  current code (4.37.7 etc.) is missing? ]


>> 2. Most of us probably regard the technique of:
>>       <a href="http://ugly.thing"> http://looks.nice.com/ </a>
>>    as undesirable (even if technically legal) and that there is a case
>>    for trying to educate the creators of many (most?) such things.
>>
>>    Might is be worth us (the MailScanner community) developing a simple,
>>    short paragraph or text that we can hand to our local users who
>> receive
>>    such things, for them to pass on to the external people who sent them?
>>    (This could be included in ths MS distribution.)
  [ Clarification: helping _all_ MS sites to act in a _coordinated_ manner
  to try to correct the undesirable practices at their many sources. ]


--

:  David Lee                                I.T. Service          :
:  Senior Systems Programmer                Computer Centre       :
:                                           University of Durham  :
:  http://www.dur.ac.uk/t.d.lee/            South Road            :
:                                           Durham                :
:  Phone: +44 191 334 2752                  U.K.                  :

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list