[EMAIL PROTECTED] wrote:
<A HREF="http://hacker.com">http://legit-bank.com</a>
On top of my mind, I never saw a situation like this in real life,
except in phish emails.
> I see this all the time in promotional emails (spam, not phish) to track
> clickthrough.
I see it on legit mail too, including a couple of newsletters and, in
one case, an "item not won" notice from eBay. Yes, it was legit. This
has caused a number of legit messages to trip Thunderbird's new phishing
filter.
It's a poor practice, and in the case of eBay they seem to do the right
thing on their other notices (either matching the URL to the text or
using descriptive link text instead of a hostname), but sad to say there
*is* legit mail that uses redirectors in this fashion.
So it's worth scoring, but not safe to score too highly or use as
rejection criteria unless you whitelist the legit senders (or convince
them to change their ways).
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
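
The check discussed in this thread, as an added example that is not part of the original messages or of any filter's own code: it flags links whose visible text is a hostname on a different domain than the href, ignores descriptive link text, and adds a moderate score instead of rejecting. The function names, the 1.5 point value, the trusted-redirector set (an assumed way to whitelist known legitimate senders' redirect hosts) and the two-label domain comparison are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Link text that is itself a URL or bare hostname; descriptive text does not match.
HOSTLIKE = re.compile(r'^(?:[a-z][a-z0-9+.-]*://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[:/?#].*)?$', re.I)

def base_domain(host):
    # Simplification (assumption): last two labels; a real filter would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def mismatched_links(html):
    """Return (text_host, href_host) pairs where host-like link text names another domain."""
    collector = LinkCollector()
    collector.feed(html)
    hits = []
    for href, text in collector.links:
        m = HOSTLIKE.match(text)
        href_host = urlsplit(href).hostname
        if m and href_host and base_domain(m.group(1)) != base_domain(href_host):
            hits.append((m.group(1).lower(), href_host))
    return hits

def score(html, trusted_redirectors=frozenset(), points=1.5):
    """Add a moderate score per mismatch; skip redirect domains the operator trusts."""
    return sum(points for _, href_host in mismatched_links(html)
               if base_domain(href_host) not in trusted_redirectors)

# Samples: the link quoted in the thread, plus three constructed ones.
PAGE_EXAMPLE = '<A HREF="http://hacker.com">http://legit-bank.com</a>'
TRACKED = '<a href="http://click.newsletter.example/r?u=1">www.shop.example</a>'
DESCRIPTIVE = '<a href="http://click.tracker.example/r?id=1">View your item</a>'
MATCHING = '<a href="https://www.legit-bank.com/login">legit-bank.com</a>'
```
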