You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2005/01/28 23:34:15 UTC
[Bug 4112] New: rule to detect misleading hyperlinks
http://bugzilla.spamassassin.org/show_bug.cgi?id=4112
Summary: rule to detect misleading hyperlinks
Product: Spamassassin
Version: 2.63
Platform: Other
OS/Version: other
Status: NEW
Severity: enhancement
Priority: P5
Component: Rules
AssignedTo: dev@spamassassin.apache.org
ReportedBy: gjanee@alexandria.ucsb.edu
(Sigh) I'm so sick of getting phishing emails. A common characteristic seems to be the use of
misleading hyperlinks, as in this example:
<a href="http://email.apollo-cn.idv.tw/webmail/database/.wamu/"
>https://login.personal.wamu.com/registration/CreateLogonEntry.asp</a>
A rule could be
<\s*a\s+href\s*=\s*['"](.*?)['"]\s*>(https?:.*?)</\s*a\s*>
where $1 != $2. But I don't know how to express that kind of condition as a simple regular expression.
Please forgive me if this RFE is off-base... I'm not a spamassassin expert, just a satisfied user.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4112] rule to detect misleading hyperlinks
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4112
------- Additional Comments From lwilton@earthlink.net 2005-01-28 19:22 -------
Subject: Re: New: rule to detect misleading hyperlinks
Good idea, and expressiable in an regex. But it doesn't work well.
There are too many legit sites that do things where there is a chanracter or
two difference between the uris, or they are even completely different.
This is especially bad in newsletters.
This is probably a case where more specifically targeted rules will have a
better chance of working. SARE has a number of anti-phishing rules that
work fairly well, although they could be improved. WAMU in particular is a
fairly new phishing target.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
[Bug 4112] rule to detect misleading hyperlinks
Posted by bu...@bugzilla.spamassassin.org.
http://bugzilla.spamassassin.org/show_bug.cgi?id=4112
quinlan@pathname.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WONTFIX
------- Additional Comments From quinlan@pathname.com 2005-02-18 00:07 -------
Unfortunately, this is really common in legitimate mail. Don't ask me
why, but it is... I've tested this idea before quite extensively.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.