Phishing & MailScanner has detected a possible fraud attemptfrom ...

MJ Thomas mjthomas at thinkmcmillan.com
Mon Oct 16 14:00:41 IST 2006


Thanks Scott,

I realize the software is functioning as intended.  What I was hoping to
find out is whether there is a legitimate way to associate two domains so
that the MailScanner software does not flag the link.  Perhaps by making the
dcm5.com domain Sender ID compliant?

Cheers,
 

=========================
MJ Thomas

Technical Projects Lead 
McMillan
T 613-789-1234 x296
mjthomas at thinkmcmillan.com
thinkmcmillan.com
=========================

Agency-Client Confidential Information
This email and any files transmitted with it are confidential and intended
solely for the use of the named addressee. If you have received this email
in error you should not disseminate, distribute, or copy it; please notify
the sender immediately and delete the message from your system.
Please check this email and any attachments for the presence of viruses.
McMillan accepts no liability for any damage caused by any virus transmitted
by this email.

 


-----Original Message-----
From: Scott Silva [mailto:ssilva at sgvwater.com] 
Sent: October 13, 2006 1:44 PM
To: mailscanner at lists.mailscanner.info
Subject: Re: Phishing & MailScanner has detected a possible fraud
attemptfrom ...

MJ Thomas spake the following on 10/13/2006 8:39 AM:
> Hi,
>  
> I have reviewed the MailScanner documentation and some of the support 
> lists, but I can't find an answer to my question.
>  
> I am deploying an enewsletter for our client using 3rd party email 
> deployment software.  In order to track links, the email deployment 
> software wraps the original HTTP links within a different URL.  For
example:
>  
> <a href="http://dcm5.com/t?ctl=7445D:9D6302
> <BLOCKED::http://dcm5.com/t?ctl=7445D:9D6302>"
> target=_blank>www.thinkmcmillan.com</a>
>  
> For links like www.thinkmcmillan.com
> <BLOCKED::http://www.thinkmcmillan.com>, the following message is 
> displayed when the email is deployed to those email addresses who use
> MailScanner: *MailScanner has detected a possible fraud attempt from 
> "dcm5.com" claiming to be* www.thinkmcmillan.com 
> <BLOCKED::http://www.thinkmcmillan.com>.
>  
> Does MailScanner have a recommendation on how to handle legitimate 
> wrappers that are used for tracking purposes?  Is there some way of 
> associating dcm5.com and bridgewatersystems.com so MailScanner does 
> not flag this link as a possible fraud attempt?
>  
> Thanks,
>  
But that is exactly what the fraud detectors are supposed to do. It detects
when the displayed url is different then the actual url. You would have to
get the two url's (www.thinkmcmillan.com and dcm5.com) to match better, or
convince Julian that it is legitimate so he can add it to his list of OK
sites.

-- 

MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!






More information about the MailScanner mailing list