Definite Fraud?

Julian Field MailScanner at ecs.soton.ac.uk
Fri Feb 8 16:46:18 GMT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Mark Nienberg wrote:
> Jay Chandler wrote:
>> I'm sure this has been rehashed before, but...
>>
>>
>> *MailScanner has detected definite fraud in the website at 
>> "tinyurl.com". Do /not/ trust this website:* http://tinyurl.com/blah 
>> <http://tinyurl.com/2b5l4w>
>>
>>
>> Obviously it's detecting the 301 redirect, but that doesn't 
>> necessarily bespeak fraud.  There are a lot of non-fraudulent things 
>> that it could be, ranging from shock pictures to Rick Rolls to 
>> inredibly long URLs.
>>
>> Has anyone discussed changing the wording here?
>>
>
> The wording is correct.  This is the message that is displayed when a 
> url is found in the list /etc/MailScanner/phishing.bad.sites.conf.
>
> These are known phishing sites.  This is different from the case where 
> a link target and text do not match, which is described as a 
> "possible" fraud.
>
> That said, it is a little strange that tinyurl.com is listed in 
> phishing.bad.sites.conf, but it is.
It was on there as the url tinyurl.com/2n8vml was reported. To avoid URL 
obfuscation working, it blacklists the entire site. The report should 
have been for the target of that redirector, not the innocent redirector 
itself. I have removed tinyurl.com from the blacklist.

Your site should update in the next hour or so.

>
> Mark
>

Jules

- -- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.7.0 (Build 1012)
Comment: (pgp-secured)
Charset: ISO-8859-1

wj8DBQFHrIdbEfZZRxQVtlQRApTiAJsHrBW2ir22q29wo/I9xcruPxu7PACeL8pn
Q6+LW/YBqynf9GmiQvoHDq8=
=6X/W
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the MailScanner mailing list