phishing sites: local and remote

Julian Field MailScanner at
Tue Feb 10 19:13:34 GMT 2009

Are lots of other people seeing this sort of attack?
If so, is it worth my while doing something about it?
I'm not going to start coding for 1 site (sorry David), but if plenty of 
people are seeing this then I could possibly do something.

On 4/2/09 16:31, David Lee wrote:
> We try to use MS configs (currently 4.72.5) reasonably close to the 
> distributed version.  That includes taking the routine updates to 
> "phishing.bad.sites.conf" and "".
> Being a university, we are also getting badly hit by spear-phishing 
> attempts against our users.  We noticed that some of the incoming bait
> contained URLs similar to ours.  Our true URLs are of the form:
> The incoming bait reads:
> (Real life pattern-matching would need more subtlety than that, but 
> you get the idea.)
> The routine anti-phishing stuff detects dubious URLs etc and displays 
> bright red "possible fraud" warnings.
> It would be nice if we could supplement this with an additional, 
> locally-based, component that could be configured to match suspicious 
> URLs based on the local site name.
> Is it possible to run such an antiphishing config, comprising both 
> Julian's standard set and a local component?
> If not, might it be a worthwhile addition?


Julian Field MEng CITP CEng
Buy the MailScanner book at

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key:

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
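
One way a locally configured check like the one requested in the quoted message could work, as an added example that is not part of the original thread or of MailScanner's code: it flags URLs whose host imitates the local site name without being under the real domain. The domain `example.ac.uk`, the name `example`, the 0.8 threshold and the sample message are all assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumed local settings (placeholders, not taken from the original post).
LOCAL_DOMAIN = "example.ac.uk"
LOCAL_NAME = "example"
SIMILARITY = 0.8  # threshold for near-miss spellings of the local name

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def is_local(host):
    """True only for the local domain itself or a genuine subdomain of it."""
    return host == LOCAL_DOMAIN or host.endswith("." + LOCAL_DOMAIN)

def looks_like_local(host):
    """True if a non-local host imitates the local site name."""
    if is_local(host):
        return False
    # Local domain embedded in a foreign host, e.g. example.ac.uk.verify.test
    if LOCAL_DOMAIN in host:
        return True
    for label in re.split(r"[.\-]", host):
        if label == LOCAL_NAME:
            return True
        # Near-miss spelling such as "examp1e"
        if SequenceMatcher(None, label, LOCAL_NAME).ratio() >= SIMILARITY:
            return True
    return False

def suspicious_urls(body):
    """Return the URLs in a message body whose host imitates the local site."""
    hits = []
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
        if host and looks_like_local(host):
            hits.append(url)
    return hits

# Constructed sample message; every host in it is a placeholder.
SAMPLE = """Mailbox full. Confirm at http://webmail.example.ac.uk.verify.test/login
or http://examp1e-webmail.test/ . Official help: https://www.example.ac.uk/it/
Unrelated link: https://www.python.org/
"""

if __name__ == "__main__":
    for u in suspicious_urls(SAMPLE):
        print("possible local-site phishing:", u)
```

Such a list of hits would supplement, not replace, the distributed phishing lists; the threshold needs tuning against real mail to keep false positives down.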
