Phishing detection and outbind:
Julian Field
MailScanner at ecs.soton.ac.uk
Thu Jul 21 16:40:22 IST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What version of MailScanner are you using?
On 21 Jul 2005, at 11:53, Paul Haldane wrote:
> We've got an issue (I don't like to call it a problem because
> MailScanner is doing the right thing :->) with messages from Outlook
> clients (I believe it's always Outlook) containing things like
> www.ncl.ac.uk (as opposed to properly formed URLs like
> http://www.ncl.ac.uk/) and the phishing detection code.
>
>
> Here's an example (after going passing through MailScanner -
> haven't yet managed to capture an untouched version) ...
>
>
>> programme has been developed. This is available on the website -
>> <outbind://22/www.ncl.ac.uk/internal/e2r>
>> MailScanner has detected a possible fraud attempt from "outbind:"
>> claiming to be www.ncl.ac.uk/internal/e2r
>>
>
> I've tried (quite hard) to persuade Outlook to generate messages
> containing outbind hrefs but haven't yet managed so either it's not
> as simple as I thought or the version/setup of Outlook I'm using
> doesn't do it.
>
> Does anyone know exactly how to provoke this behaviour (and by
> implication how to avoid it)?
>
> Would it be sensible/possible to treat this sort of URL specially
> (stripping off ^outbind://\d+/ ?) so that the phishing code is
> happy with it?
- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.1 (Build 2185)
iQA/AwUBQt/B6BH2WUcUFbZUEQKyWgCgsc31HuQIyK/iCPOB/dz7pcvaZ/EAn1e1
YVWmLEiUo41+K6Q5nPtcaf/7
=xWD3
-----END PGP SIGNATURE-----
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list