http://bugzilla.spamassassin.org/show_bug.cgi?id=4386
------- Additional Comments From [EMAIL PROTECTED] 2005-06-03 08:03 ------- Subject: Re: New: New rule suggestion: detect mismatched URIs and onMouseOver On Fri, Jun 03, 2005 at 04:21:58AM -0700, [EMAIL PROTECTED] wrote: > So for example (based on a real one, but not verbatim): > <a href="http://12.98.176.54/billing.ebay.com"; > onMouseOver="status='https://billing.ebay.com/'; return > true">http://billing.ebay.com/</a> 3.1 already has a rule to flag this specific type of href setup. > In this example SA could pick up on two things: SA could detect that the link > contents are themselves in the form of a URI ("http(s?)://" would do), and > then > that the href in the link refers to a URL that differs from that URI. Secondly It's not that simple. This has been discussed numerous times already on users@ and other tickets. In short, testing shows that assuming the anchor text URI and the href URI match in ham but not in spam is completely not valid and FPs wildly. > the use of onMouseOver in a mail is probably a good indicator of a suspicious > e-mail, thus warranting some extra score. Perhaps, I haven't tested any OMO rules. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
