Phishing fraud bug?

Koopmann, Jan-Peter jan-peter at koopmann.eu
Mon Jul 9 20:38:39 IST 2007


Hi Jules,

> I remove all whitespace in the link text fairly early on in the
> process.
> I do this as it could be quite possible to make a link look like
> something else by putting it at the end of a long line and inserting a
> line-break in the middle of it, appearing just like word-wrapping.

But a newline character or similar would not be interpreted as part of
the link by the MUA, would it? So clicking such a construct would not do
any harm. Of course the user could always mark the entire seemingly link
and copy&paste it in the browser. Hard to cover that.


> So it sees
> http://www.test.devorstand:
> which is valid except there isn't a number after the ":". I might be
> able to do something about this, but certainly no promises. It's
> difficult to put the whitespace back in after you've taken it out :-(

Hm. This will result in quite some false positives and already has. Due
to a "new" german law all B2B e-mails in Germany need a legitimate
disclaimer stating all sorts of information. While the home-page URL is
voluntary, most of the companies will state it in the footer followed by
additional information just as I quoted. All of them will be scrambled
by MailScanner.

Not sure how to solve this problem. Any ideas?

Regards,
  JP


More information about the MailScanner mailing list