Phish detection (was Re: [Mimedefang] for mcafee lovers)
Kevin A. McGrail
kmcgrail at pccc.com
Thu Mar 24 09:54:18 EST 2005
It's a good idea. I'd love to see some statistics about it's effectiveness
/ false positive rate. At the very worst, if it disabled the link, it
wouldn't be that bad.
Regards,
KAm
> <a href="http://bogus.site.com/.cgi/ebay/cgi">https://secure.ebay.com</a>
>
> Got that? If the URL *text* in the hyperlink doesn't match
> the URL in the HREF parameter (modulo some canonicalization and
> other munging), flag as a phish.
>
> Dead simple algorithm, and I'd guess it catches about 75% of phishing
> attempts. The ones it doesn't catch are the ones where the
> URL looks like this:
More information about the MIMEDefang
mailing list