Phishing and BASE HREF
Elliott Wood
elliott at ZEUSLINE.COM
Mon Sep 12 19:41:32 IST 2005
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
I ran into a problem today with MailScanner incorrectly tagging messages
sent out by our newsletter software as phishing scams. After much
troubleshooting, I determined that MS will tag the following as a
phishing attack:
<base href="http://www.foo.com">
...
<a href="/some/path/topage.php">A Page on Our Website</a>
...
<a href="http://www.bar.com">http://www.bar.com</a>
In this example, http://www.bar.com will be tagged as a phishing attack
"from www.foo.com claiming to be www.bar.com". I've used BASE in this
manner for years before I installed MS so I think it's widely compatible
across MUAs - but maybe I'm violating some standard here.
Am I incorrectly using the BASE tag, or is this a misinterpretation by MS?
I'm using 4.41.3 (the current Debian stable distribution), and can
provide a more exact example of this if needed.
Thanks!
--
Elliott Wood
elliott at zeusline.com
gtg674g at mail.gatech.edu
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list