I was suggesting, a while ago, to make a more general check (which would probably be a plugin) to detect phish based on different URLs (e.g. check whether they end up at the same IP), but was told that quite a lot of legit email has differing URLs.
While I understand that database systems may generate links different from the displayed URL, I still cannot see too many reasonable uses of different hosts (IPs might differ as part of a load balancing scheme, however).

Wolfgang Hamann

Dan wrote:

>I am trying to write a rule to catch phishing schemes of this nature:
><a href="123.123.123.123/login">http://legit-stie.com/login</a>
>
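A sketch of the check discussed in this thread, added here as an example (it is not code from either poster or from any mail filter): it reports anchors whose displayed text is a URL naming a different host than the `href`, and marks the raw-IP target from Dan's sample separately, since differing hostnames alone were said to occur in legitimate mail. All function names and the sample HTML are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: Dan's anchor plus a tracking-style link to a different hostname.
SAMPLE_HTML = (
    '<a href="123.123.123.123/login">http://legit-stie.com/login</a>'
    '<a href="http://tracker.example.net/c?id=1">http://www.example.com/news</a>'
)

def host_of(url):
    url = url.strip()
    try:  # tolerate a missing scheme, as in Dan's href
        return (urlsplit(url if "://" in url else "http://" + url).hostname or "").lower()
    except ValueError:  # malformed netloc
        return ""

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class AnchorCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """Return (shown_host, target_host, target_is_ip) for anchors whose text is a URL on another host."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown, target = host_of(text), host_of(href)
        is_url = text.lower().startswith(("http://", "https://", "www."))
        if is_url and shown and target and shown != target:
            findings.append((shown, target, is_ip(target)))
    return findings
```

The third tuple field separates a raw-IP target from a plain hostname mismatch, so a filter can weigh the two cases differently.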



