Phishing Filter Question

[am.lists]

On 3/19/07, Denis Beauchemin <Denis.Beauchemin at usherbrooke.ca> wrote:
> am.lists a écrit :
> > I'm currently fighting some usability issues surrounding the phishing
> > filter.
> >
> > The perfect example to share is Google Alert emails. Every link is
> > flagged due to the way that the email is crafted. (sample screenshot:
> > http://tinyurl.com/27yx68 )
> >
> > In reading the phishing filter file, I understand how it works, but
> > the way Google Alerts works, in particular, and combined with phishihg
> > sites being updated daily, this seems to be quite a problem. How can I
> > be more forgiving without losing the functionality? If I turn off
> > highlighting, how can users still know that there is suspicious (but
> > maybe harmless) content?
> >
> > I don't want to lose the functionality and security that this
> > provides, but I don't want to alienate my users by continually
> > alerting them to things that are actually harmless.
> >
> > My settings are:
> >
> > Find Phishing Fraud = yes
> > Also Find Numeric Phishing = yes
> > Use Stricter Phishing Net = yes
> > Highlight Phishing Fraud = yes
> > Phishing Safe Sites File = %etc-dir%/phishing.safe.sites.conf
> >
> > This is MailScanner 4.58.9
> >
> >
> > Best,
> >
> > Angelo
> Angelo,
>
> Why don't you use a ruleset for "Find Phishing Fraud" with the value
> "false" for "googlealerts-noreply at google.com" (assuming this is the
> envelope sender) and true as default?
>
> Denis
>

Will that actually work?  My understanding, after reading the comments
in the config files said that if you have a message like so:

from: bob at nowhere.org

come see [a href=redir.nowhere.org/someplace]nowhere.org at your
earliest convenience[/a]

That would flag as redir.nowhere.org claiming to be nowhwere.org at
your earliest convenience.

And what goes in the whiltelist file is "redir.nowhere.org"

But you're saying to add bob at nowhwere.org?

I can't in the docs where that's supported as a fix.

Angelo