false fraud positives with domain shorteners

Joolee mailscanner at joolee.nl
Tue Nov 15 18:08:28 GMT 2011

I'm using a modified version of a shortener decoder. I've modified it to be
able to handle a few extra shortener services that don't use a http header
and were being used in unrecognised spam. With this running and combined
with all other url checks (retrieved urls are returned to SpamAssassin to
be scanned by other rules and plugins), I've completely disabled the built
in Mailscanner fraud detector.

I can share the source if anyone is interested.

On 15 November 2011 18:55, Scott Silva <ssilva at sgvwater.com> wrote:

> on 11/15/2011 8:43 AM John Baker spake the following:
>> HI all,
>> I had a complaint to day with mail scanner putting" MailScanner has
>> detected
>> definite fraud in the website at" in a perfectly legitimate link using
>> google
>> domain shorteners. Does anybody have any ideas on how to keep fraud
>> checking
>> on but allowing domain shorteners?
> The trouble is, you can't be sure that EVERY shortened domain is going to
> be legitimate...
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.**info <mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/**mailman/listinfo/mailscanner<http://lists.mailscanner.info/mailman/listinfo/mailscanner>
> Before posting, read http://wiki.mailscanner.info/**posting<http://wiki.mailscanner.info/posting>
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20111115/353994cd/attachment.html

More information about the MailScanner mailing list