[Mimedefang] Re: [SURBL-Discuss] Fw: Interesting Phishing Trick
Kevin A. McGrail
kmcgrail at pccc.com
Fri Mar 17 13:13:02 EST 2006
I've been working on this one closely as well and believe the problem is
definitely not solveable with a rule NOR is it even a legitimate test
without more parameters (see below). For example, I receive a wide variety
of news aggregation, press releases, etc. I'm seeing them use shortened URLs
ala tinyurl that differ from the URL text / protocol. I believe they do
this for tracking and HTML to text readability purposes.
In short, I don't believe this is a spam-esque trait though I am looking
forward to getting my newest server doing more corpus tests with the nightly
tests and spamassassin.
However, just today or yesterday there was a new rule that did an eval test
and some num of link proportions that I'm looking forward to seeing results
from. It was an idea from Fred Tarasevicius.
Regards,
KAM
> Saw this cross the SpamAssassin list today:
>
> <http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4255>
>
> Apparently a lot of legitimate mail has anchors with HTTP/HTTPS mismatch
> between the URL in the anchor's href and the URL in the body of the
anchor.
>
> I thought that instead of rejecting poor HTML, one could also use MD's
> reassembly feature to wrap invalid HTML with the validation report,
> including a warning at the top of any mismatches like this. PHB's would
> still get their pretty HTML, with a nice ugly report up front telling them
> how bad it is under the hood, and why it's hard to tell it from spam.
More information about the MIMEDefang
mailing list