Phishing Filter Question

Denis Beauchemin Denis.Beauchemin at
Mon Mar 19 14:46:29 CET 2007

am.lists a écrit :
> I'm currently fighting some usability issues surrounding the phishing 
> filter.
> The perfect example to share is Google Alert emails. Every link is
> flagged due to the way that the email is crafted. (sample screenshot:
> )
> In reading the phishing filter file, I understand how it works, but
> the way Google Alerts works, in particular, and combined with phishihg
> sites being updated daily, this seems to be quite a problem. How can I
> be more forgiving without losing the functionality? If I turn off
> highlighting, how can users still know that there is suspicious (but
> maybe harmless) content?
> I don't want to lose the functionality and security that this
> provides, but I don't want to alienate my users by continually
> alerting them to things that are actually harmless.
> My settings are:
> Find Phishing Fraud = yes
> Also Find Numeric Phishing = yes
> Use Stricter Phishing Net = yes
> Highlight Phishing Fraud = yes
> Phishing Safe Sites File = %etc-dir%/
> This is MailScanner 4.58.9
> Best,
> Angelo

Why don't you use a ruleset for "Find Phishing Fraud" with the value 
"false" for "googlealerts-noreply at" (assuming this is the 
envelope sender) and true as default?


  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3595 bytes
Desc: S/MIME Cryptographic Signature
Url :

More information about the MailScanner mailing list