MailScanner has detected definite fraud in the website at "youtu.be"
Mark Sapiro
mark at msapiro.net
Mon Jan 21 23:35:14 UTC 2019
On 1/21/19 3:03 PM, Peter Farrow wrote:
>
> Sending a fresh email with the the youtu.be link always gives this
> message, even with no text alternative, when the the youtube.com link
> constructed in the same basic email it does not give the warning
> message, just a plain link, no text alternative, so not sure quite why
> that is the case unless I am being dumb (entirely possible!)
youtu.be is in phishing.bad.sites.conf. Jerry has answered why. Shawn
has answered how to override it by putting youtu.be in
phishing.safe.sites.custom.
It's phishing.bad.sites.conf that produces the "definite fraud" warning.
The href domain unequal the text domain warning is different and
produces the "possible fraud attempt" warning.
This is not the only example of these things appearing in such contexts.
MalwarePatrol <https://www.malwarepatrol.net/> continually lists
'https://docs.google.com' and 'https://drive.google.com', and these get
listed in PhishTank too.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list