Handling phishing false positives

Julian Field MailScanner at ecs.soton.ac.uk
Fri Jan 21 21:40:11 GMT 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

The code has changed a bit since 4.37, so hopefully the FP rate has dropped.
Other than that, report FP's to me and I'll see what I can do.

David Lee wrote:

> On Fri, 21 Jan 2005, Julian Field wrote:
>
>> The latest beta includes a "phishing whitelist" so that in your example
>> below you would add
>>   ugly.thing
>> to the whitelist file and it would not be caught by the phishing net.
>>
>> This means you can pretty much eliminate false positives altogether
>> after a while.
>
>
> Thanks.  That's useful and helpful to know.
>
> My main questions, which I think are still valid, are from a wider
> perspective than simply "me at my site for my users' sake":
>
>>> 1. Julian: Do you have a mechanism by wish we can report "false
>>> positives"
>>>    to you so that you can see whether there are other criteria that
>>> might
>>>    help you reduce even further the f.p. rate in MS?
>>
>  [ Clarification: might there be any systematic f.p. symptoms which the
>  current code (4.37.7 etc.) is missing? ]
>
>
>>> 2. Most of us probably regard the technique of:
>>>       <a href="http://ugly.thing"> http://looks.nice.com/ </a>
>>>    as undesirable (even if technically legal) and that there is a case
>>>    for trying to educate the creators of many (most?) such things.
>>>
>>>    Might is be worth us (the MailScanner community) developing a
>>> simple,
>>>    short paragraph or text that we can hand to our local users who
>>> receive
>>>    such things, for them to pass on to the external people who sent
>>> them?
>>>    (This could be included in ths MS distribution.)
>>
>  [ Clarification: helping _all_ MS sites to act in a _coordinated_ manner
>  to try to correct the undesirable practices at their many sources. ]
>
>
> --
>
> :  David Lee                                I.T. Service          :
> :  Senior Systems Programmer                Computer Centre       :
> :                                           University of Durham  :
> :  http://www.dur.ac.uk/t.d.lee/            South Road            :
> :                                           Durham                :
> :  Phone: +44 191 334 2752                  U.K.                  :
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list