HTML5 wbr tag causes phising detection

Mark Sapiro mark at msapiro.net
Sat Nov 9 01:29:05 GMT 2013


On 11/08/2013 06:30 AM, mattias berge wrote:
> The html5 wbr tags seem to cause MailScanner to think of a link as
> different from the title.
> 
> <p class="MsoNormal"><span style="">Min presentation:&nbsp;</span><a
> href="http://host/kategori_blogg/buzz-kommunikation/something-something-i-something-something"
> target="_blank">http://<wbr>host/kategori_<wbr>blogg/buzz-kommunikation/<wbr>somthing-something-i-<wbr>something-something</a><span
> style="">/<u></u><u></u></span></p>
> 
> This gives the "MailScanner has detected a possible fraud". Is this a
> known problem?
>
> Mailscanner 4.84.5


I'm running MailScanner 4.84.6 which shouldn't be different from 4.84.5
in this respect, but I tested with a message containing exactly the
above HTML but with 'host' replaced by 'msapiro.net' in both cases, and
it did not trigger the possible fraud detection.

I then retested with 'msapiro.net' as the host in the href and
'ms2.msapiro.net' as the host in the text, and it did trigger the
possible fraud detection.

In both cases, there was a <wbr> tag in the text, i.e.
'http://<wbr>msapiro.net/...' in the first case and
'http://<wbr>ms2.msapiro.net/...' in the second.

Thus, I have to conclude this is not an issue in MS 4.84.6.

Aside: Why would Microsoft Office or whatever generated this HTML in the
first place want to allow breaking the text in the middle of a
representation of a URL?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


More information about the MailScanner mailing list