[Mimedefang] [OT] Fw: Interesting Phishing Trick
David F. Skoll
dfs at roaringpenguin.com
Fri Mar 17 13:04:55 EST 2006
Kevin A. McGrail wrote:
> After testing and researching this rule for a few days, I found it has
> pretty high FPs almost always on legitimate advertisements and mailing lists
> as well as aggregated news reports. A lot of them seem to use url
> shortening techniques ala tinyurl that cause this issue to rear it's head.
> I don't think this is a good rule.
Right; this is what the SA people said. Nevertheless, we ship this rule
as part of CanIt and haven't had any complaints about it. IMO, people
who play tricks with https: URLs deserve to have their mail blocked,
because they're only making it easier for phishing schemes to succeed.
I realize that the SA team cannot accept my personal hot-button as
policy :-) and respect their decision.
More information about the MIMEDefang