false fraud positives with domain shorteners

Joolee mailscanner at joolee.nl
Thu Nov 17 19:41:15 GMT 2011

My problem was that it activated on stuff like groupon mails containing
something like: <a href="http://groupon.com/action/blaaa">Print your photos
with makeyourownphotoalbum.com!</a>
To counter the removal of the url hiding protection, I've added a few
filters to SpamAssassin to add high scores for stuff like <a href="http://
...">https://...</a> or <a href="http://.....html/.php">bank-name or
website</a> (Got only 4 big banks that are used for phishing.)

I think I've contacted the mailinglist before for that problem but the the
answer was, as it almost always is, that all misbehaviour is "by design"
and "should not be changed".

On 17 November 2011 17:51, Scott Silva <ssilva at sgvwater.com> wrote:

> on 11/16/2011 1:51 AM Joolee spake the following:
>> Than, what about stuff like http://youtu.be/Hw2K9SifAXk, other Google
>> shorteners, shorteners used on twitter (automated mailing systems for
>> tweets
>> will send the shortened urls) or stuff like http://twk.rs/nj4D which is a
>> service provided by tweakers.net <http://tweakers.net> and points to
>> http://tweakers.net/nieuws/**78119/ <http://tweakers.net/nieuws/78119/>.
>> It's a bit to much to mark any E-mail that includes a shortened url as
>> spam. I
>> will give all E-mails containing a shortener a spam score  of +2 but I
>> let
>> the other URL checkers in SpamAssassin and my plugins decide whether the
>> url
>> the shortened version points to is malicious.
>>  But the OP was commenting on the fraud protection components, which was
> designed to warn about url hiding... Use it, don't use it... It was
> designed to uncover url hiding in html tags.
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.**info <mailscanner at lists.mailscanner.info>
> http://lists.mailscanner.info/**mailman/listinfo/mailscanner<http://lists.mailscanner.info/mailman/listinfo/mailscanner>
> Before posting, read http://wiki.mailscanner.info/**posting<http://wiki.mailscanner.info/posting>
> Support MailScanner development - buy the book off the website!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20111117/8e2ac7c3/attachment.html

More information about the MailScanner mailing list