Phishing and BASE HREF

Julian Field MailScanner at ecs.soton.ac.uk
Mon Sep 12 22:29:44 IST 2005


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

I have just tested this example with the latest code and it works fine.
Also, adding
<a href="/some/other/path.php">http://www.bar.com</a>
correctly gets flagged as a phishing attack.

So this code appears to work fine now.

I'm afraid I don't backport things, so 4.41.3 won't get updated (that's 
what newer versions are for :-)

Elliott Wood wrote:

> I ran into a problem today with MailScanner incorrectly tagging 
> messages sent out by our newsletter software as phishing scams.  After 
> much troubleshooting, I determined that MS will tag the following as a 
> phishing attack:
>
> <base href="http://www.foo.com">
> ...
> <a href="/some/path/topage.php">A Page on Our Website</a>
> ...
> <a href="http://www.bar.com">http://www.bar.com</a>
>
> In this example, http://www.bar.com will be tagged as a phishing 
> attack "from www.foo.com claiming to be www.bar.com".  I've used BASE 
> in this manner for years before I installed MS so I think it's widely 
> compatible across MUAs - but maybe I'm violating some standard here.
>
> Am I incorrectly using the BASE tag, or is this a misinterpretation by 
> MS?
>
> I'm using 4.41.3 (the current Debian stable distribution), and can 
> provide a more exact example of this if needed.
>
> Thanks!
> -- 
> Elliott Wood
> elliott at zeusline.com
> gtg674g at mail.gatech.edu
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!


-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!



More information about the MailScanner mailing list