MailScanner has detected definite fraud in the website at ""

Mark Sapiro mark at
Mon Jan 21 23:35:14 UTC 2019

On 1/21/19 3:03 PM, Peter Farrow wrote:
> Sending a fresh email with the  the link always gives this
> message, even with no text alternative, when the the link
> constructed in the same basic email it does not give the warning
> message, just a plain link, no text alternative, so not sure quite why
> that is the case unless I am being dumb (entirely possible!) is in phishing.bad.sites.conf. Jerry has answered why. Shawn
has answered how to override it by putting in

It's phishing.bad.sites.conf that produces the "definite fraud" warning.
The href domain unequal the text domain warning is different and
produces the "possible fraud attempt" warning.

This is not the only example of these things appearing in such contexts.

MalwarePatrol <> continually lists
'' and '', and these get
listed in PhishTank too.

Mark Sapiro <mark at>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the MailScanner mailing list