Phishing detection and outbind:

Paul Haldane Paul.Haldane at NEWCASTLE.AC.UK
Thu Jul 21 11:53:58 IST 2005

We've got an issue (I don't like to call it a problem because MailScanner is doing the right thing :->) with messages from Outlook
clients (I believe it's always Outlook) containing things like (as opposed to properly formed URLs like and the phishing detection code.

Here's an example (after going passing through MailScanner - haven't yet managed to capture an untouched version) ...

>programme has been developed. This is available on the website - 
>MailScanner has detected a possible fraud attempt from "outbind:" 
>claiming to be

I've tried (quite hard) to persuade Outlook to generate messages containing outbind hrefs but haven't yet managed so either it's not
as simple as I thought or the version/setup of Outlook I'm using doesn't do it.

Does anyone know exactly how to provoke this behaviour (and by implication how to avoid it)?

Would it be sensible/possible to treat this sort of URL specially (stripping off ^outbind://\d+/ ?) so that the phishing code is
happy with it?

Paul Haldane
Unix Systems, Information Systems and Services, University of Newcastle upon Tyne

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list