[Mimedefang] [OT] Fw: Interesting Phishing Trick

David F. Skoll dfs at roaringpenguin.com
Fri Mar 17 13:04:55 EST 2006

Kevin A. McGrail wrote:

> After testing and researching this rule for a few days, I found it has
> pretty high FPs almost always on legitimate advertisements and mailing lists
> as well as aggregated news reports.  A lot of them seem to use url
> shortening techniques ala tinyurl that cause this issue to rear it's head.
> I don't think this is a good rule.

Right; this is what the SA people said.  Nevertheless, we ship this rule
as part of CanIt and haven't had any complaints about it.  IMO, people
who play tricks with https: URLs deserve to have their mail blocked,
because they're only making it easier for phishing schemes to succeed.

I realize that the SA team cannot accept my personal hot-button as
policy :-) and respect their decision.



More information about the MIMEDefang mailing list