Beta 4.52.1 released

Ken A ka at
Mon Mar 27 18:00:09 IST 2006

Julian Field wrote:
> I think the answer is "nothing but log it", but test it out and let me 
> know.

Looks like there may be a parsing problem in the phishing code.
MailScanner logs this:

Found phishing fraud from claiming to be 
in k2RGgTj4022846

Here's the html in the email that triggered this:

<A href="" style="color: 
#000000;text-decoration:none;">For a limited time, get up to 30% off on 
all Dwell Bedding and Pillows at Pay only $5 to ship 
everything! Click now and save!</a>


Ken Anderson

> Ken A wrote:
>> Julian,
>> That sounds like a nice improvement. I had turned off the phishing 
>> code due to false positives with it, but will give it a shot with "Use 
>> Stricter Phishing Net = no".
>> If I have Phishing Modify Subject = no, and Highlight Phishing Fraud = 
>> no, what does MailScanner do when it finds a phishing attempt? I'm 
>> hoping the answer is "nothing but log it", so that I can use this 
>> configuration for testing.
>> Thanks,
>> Ken A
>> Pacific.Net
>> Julian Field wrote:
>>> I have just released a new beta version 4.52.1.
>>> There is 1 new feature in this release, but it will be important to 
>>> some of you, so please read on. It affects the phishing net, and may 
>>> give you pretty good protection against phishing scams, while having 
>>> a much lower false alarm rate than the full phishing net code that 
>>> has been there so far.
>>>  You can now set "Use Stricter Phishing Net = no" which will make the
>>>  phishing net just check the name of the company owning the website, 
>>> along
>>>  with any country code of course. There is a configuration file 
>>> containing
>>>  a list of all the 2nd and 3rd level domain names in use by all 
>>> countries,
>>>  it lists domain endings such as "" which are used by a country to
>>>  describe a whole type of websites within their country. So if the 
>>> website
>>>  is "" it knows to check just, whereas
>>>  given "" it will check
>>>  The configuration file "Country Sub-Domains List" lists all the entries
>>>  required for this to work in any country, 1 per line. You shouldn't 
>>> need
>>>  to touch this file.
>>> I hope you find this new feature useful, and it may enable some of 
>>> you (particularly large ISPs) to provide your customers and users 
>>> with a high level of protection against phishing scams.
>>> Let me know how you get on.

More information about the MailScanner mailing list