Phishing & MailScanner has detected a possible fraud attempt
from ...
Glenn Steen
glenn.steen at gmail.com
Sat Oct 14 11:41:08 IST 2006
On 13/10/06, Scott Silva <ssilva at sgvwater.com> wrote:
> MJ Thomas spake the following on 10/13/2006 8:39 AM:
> > Hi,
> >
> > I have reviewed the MailScanner documentation and some of the support
> > lists, but I can't find an answer to my question.
> >
> > I am deploying an enewsletter for our client using 3rd party email
> > deployment software. In order to track links, the email deployment
> > software wraps the original HTTP links within a different URL. For example:
> >
> > <a href="http://dcm5.com/t?ctl=7445D:9D6302
> > <BLOCKED::http://dcm5.com/t?ctl=7445D:9D6302>"
> > target=_blank>www.thinkmcmillan.com</a>
> >
> > For links like www.thinkmcmillan.com
> > <BLOCKED::http://www.thinkmcmillan.com>, the following message is
> > displayed when the email is deployed to those email addresses who use
> > MailScanner: *MailScanner has detected a possible fraud attempt from
> > "dcm5.com" claiming to be* www.thinkmcmillan.com
> > <BLOCKED::http://www.thinkmcmillan.com>.
> >
> > Does MailScanner have a recommendation on how to handle legitimate
> > wrappers that are used for tracking purposes? Is there some way of
> > associating dcm5.com and bridgewatersystems.com so MailScanner does not
> > flag this link as a possible fraud attempt?
> >
> > Thanks,
> >
> But that is exactly what the fraud detectors are supposed to do. It detects
> when the displayed url is different then the actual url. You would have to get
> the two url's (www.thinkmcmillan.com and dcm5.com) to match better, or
> convince Julian that it is legitimate so he can add it to his list of OK sites.
>
Or simply have those customers add your "fakes" to the phishing
whitelist themselves.
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list