Phishing detection and outbind:

Julian Field MailScanner at
Thu Jul 21 16:40:22 IST 2005

Hash: SHA1

What version of MailScanner are you using?

On 21 Jul 2005, at 11:53, Paul Haldane wrote:

> We've got an issue (I don't like to call it a problem because  
> MailScanner is doing the right thing :->) with messages from Outlook
> clients (I believe it's always Outlook) containing things like  
> (as opposed to properly formed URLs like
> and the phishing detection code.
> Here's an example (after going passing through MailScanner -  
> haven't yet managed to capture an untouched version) ...
>> programme has been developed. This is available on the website -
>> <outbind://22/>
>> MailScanner has detected a possible fraud attempt from "outbind:"
>> claiming to be
> I've tried (quite hard) to persuade Outlook to generate messages  
> containing outbind hrefs but haven't yet managed so either it's not
> as simple as I thought or the version/setup of Outlook I'm using  
> doesn't do it.
> Does anyone know exactly how to provoke this behaviour (and by  
> implication how to avoid it)?
> Would it be sensible/possible to treat this sort of URL specially  
> (stripping off ^outbind://\d+/ ?) so that the phishing code is
> happy with it?

- -- 
Julian Field
Buy the MailScanner book at
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

Version: PGP Desktop 9.0.1 (Build 2185)


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki ( and
the archives (

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list