Fraud and Phishing detection

Julian Field mailscanner at
Wed Aug 16 21:06:45 IST 2006

DAve wrote:
> Kevin Miller wrote:
>> DAve wrote:
>>> I did, and I have. But I only get to see the page *after* MS has
>>> disabled it.
>>> I have clients asking "Why?". They are not complaining, just asking
>>> how it works, they are glad we are disabling suspected fraud. I would
>>> like to say what the system is looking for and provide a valid
>>> example in before and after states.
>>> The bottom line, it works, and works well. But I don't want to sound
>>> stooopid because I can't explain how it works with confidence.
>> In a nutshell it compares the purported URL with the underlying one, and
>> if they're different it flags it unless it's in the whitelist.  For
>> example might point to;
>> whatever they're using for a web or mail server.  It's probably
>> legitimate.  Or it may be a message that says but points to
>> some server in Russia.  MS will ding that one.
>> I'm sure it's much more complicated than that under the hood, but if
>> you're trying to explain it to non-technical users, that's the gist of
>> it.  I think...
>> ...Kevin
> That is what I've been saying after a "very quick" glance at the source 
> code and a few messages.
> I have one example I use, I wasn't sure if MS would catch more than this.
> <a href=""></a>

See the newly updated site.

--
Julian Field
Buy the MailScanner book at

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit
