Phishing detection and outbind:
Paul.Haldane at NEWCASTLE.AC.UK
Thu Jul 21 11:53:58 IST 2005
We've got an issue (I don't like to call it a problem because MailScanner is doing the right thing :->) with messages from Outlook
clients (I believe it's always Outlook) containing things like www.ncl.ac.uk (as opposed to properly formed URLs like
http://www.ncl.ac.uk/) and the phishing detection code.
Here's an example (after going passing through MailScanner - haven't yet managed to capture an untouched version) ...
>programme has been developed. This is available on the website -
>MailScanner has detected a possible fraud attempt from "outbind:"
>claiming to be www.ncl.ac.uk/internal/e2r
I've tried (quite hard) to persuade Outlook to generate messages containing outbind hrefs but haven't yet managed so either it's not
as simple as I thought or the version/setup of Outlook I'm using doesn't do it.
Does anyone know exactly how to provoke this behaviour (and by implication how to avoid it)?
Would it be sensible/possible to treat this sort of URL specially (stripping off ^outbind://\d+/ ?) so that the phishing code is
happy with it?
Unix Systems, Information Systems and Services, University of Newcastle upon Tyne
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner