...
I have a great idea for an anti-phishing rule, detecting links that claim to be linking to a different URL than their real target! Will it work?
Take a look at \[http://issues.apache.org/SpamAssassin/show_bug .cgi?id=4255 bug 4255\] in our Bugzilla -- – this idea has been tried in many forms, and mostly unsuccessfully. A lot of nonspam senders use this, for some reason. Wiki Markup
Here are some examples of real-world false positives:
No Format |
---|
<a href="http://www65.americanexpress.com/clicktrk/Tracking?mid=MESSAGEID&msrc=ENG- ALERTS&url=https://www.americanexpress.com/estatement/?12345">https:// www.americanexpress.com/estatement/?12345</a> <A HREF="http://echo.epsilon.com/WebServices/EchoEngine/T.aspx?l=ID">https://www.hilton.com/ en/ww/email/tab_email_subscriptions.jhtml</A> |
If you'd like to comment further, please do so \[http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4255 on bug 4255\]. Wiki Markup