Change default phishing net setting?

Quentin Campbell Q.G.Campbell at newcastle.ac.uk
Fri Oct 12 08:33:20 IST 2007


>-----Original Message-----
>From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>bounces at lists.mailscanner.info] On Behalf Of Julian Field
>Sent: 11 October 2007 21:03
>To: MailScanner discussion
>Subject: Change default phishing net setting?
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I am considering changing the supplied default
>    Use Stricter Phishing Net = yes
>to "no".
>
>As a reminder, the biggest consequence of this is that links that take
>you to host tracking.yourdomain.com while claiming to be taking you to
>www.yourdomain.com would be allowed.
>
>Any thoughts?
>What do most people set this to?

We set this to "no" after initially trying "yes". Too many false positives and complaints.

I think I understand the implications of using 'Use Stricter Phishing Net = no'. 

Its effects would only be serious if 'yourdomain.com' was a _reputable_ sounding organisation owned or subverted by some foreign criminal enterprise, not vulnerable to the rule of law. But observe that 'yourdomain.com' could construct its phishing/scam e-mails so that they would not even be detected by MailScanner with 'Use Stricter Phishing Net = yes', since it has full control of its DNS entries.  

If 'yourdomain.com' was a reputable business, vulnerable to the rule of law, who unknowingly allowed a part of its organisation to register and use 'trojan.yourdomain.com' in a phishing exercise (seems an unlikely possibility), then I would expect the problem to be quickly recognised and dealt with and affected individuals to have recourse through the courts where necessary.

Is this assessment too naïve?

Quentin
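
Added example, not part of the original message and not MailScanner's own code: a simplified Python model of the trade-off discussed in this thread, comparing the host shown in a link's text with the host in its href, either exactly (strict) or by registrable domain (relaxed). The function names, the small suffix set and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Assumption: tiny stand-in for a public-suffix list, enough for the samples.
TWO_LABEL_SUFFIXES = {"ac.uk", "co.uk", "org.uk"}
HOST_RE = re.compile(r"^(?:[a-z]+://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def site(host):
    """Registrable domain: public suffix plus one label (simplified)."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def flagged_links(html, strict):
    """Links whose visible text names a different host than the href."""
    parser = LinkCollector()
    parser.feed(html)
    hits = []
    for href, text in parser.links:
        shown, real = HOST_RE.match(text), urlsplit(href).hostname
        if not shown or not real:
            continue  # visible text is not a hostname; nothing to compare
        shown_host = shown.group(1).lower()
        same = shown_host == real if strict else site(shown_host) == site(real)
        if not same:
            hits.append((shown_host, real))
    return hits

# Constructed sample message body.
SAMPLE = """<a href="http://tracking.yourdomain.com/c?id=1">www.yourdomain.com</a>
<a href="http://www.yourdomain.com/">www.yourdomain.com</a>
<a href="http://login.example.net/">www.yourdomain.com</a>
<a href="http://www.example-pay.co.uk/">www.example.co.uk</a>"""
```

With `strict=True` the tracking link is reported alongside the two cross-domain links; with `strict=False` only the cross-domain links remain, which is the false-positive reduction described in the thread.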

