Rules for Fraud detection
Ronny T. Lampert
telecaadmin at gmail.com
Tue Jan 8 10:22:18 GMT 2008
>> 2) Can they operate on the VALUE of the possible fraud?
> See www.phishingnet.info for a brief description of basically how they work.
Ah, sorry, that's not what I meant. I was looking for a detailed description
about how the From: etc keywords work and if there are more keywords
I found in the docs that there are "only" the well-known From: etc keywords.
Okay, next problem:
MailScanner marks mails a fraud if there is a link with differing text.
But it does that regardless if the text looks like an URL or not, e.g.
(a href=http://erp.system/action?123) [APPROVE] (/a)
Wouldn't it be good to not do it for those kind of links where the text
does not resemble an URL?
More information about the MailScanner