mouss wrote:
Richard Leroy a écrit :
My point is that I want to make this check an "integrity check". If
you choose to display a URL, then it must match the real URL, nothing
else. Too bad if it is classified as a false-positive. The benefits
in helping stop "phishers" are way larger than the advantage of
displaying a different URL than the advertised one.
but then you are adding requirements to what a display text is. The
following is fully legitimate.
a url is somethink like <a href=http://en.wikipedia.org/Url>
example.com </a>
and what to do if it's not a url? something like
<a href=http://www.something.example> the site of foo.example </a>
is legitimate, but something like
<a href=http://www.hacker.example> visit www.bank.com </a>
is not.
Also, as already said, some legitimate opt-in newsletters do use this
trick to implement tracking. you can consider this bad practice, but
not everybody can afford to block legitimate opt-in
newsletters/services/...
Also, I will feel better if a email is classified as a false-positive
if it has hits on this rule than any other rule, because I can say
that the sender is in part related to classification error.
sure, but those of us concerned with FPs prefer to find other ways to
detect spam.
The situation I am talking about is when the text IS a URL.
I don't want to block this: <a href="http://www.hacker.com";>CLICK HERE
!!!</a>. I understand that this situation happens frequently.
I want to bloc URLs when the text has http:// before it, like in this
example: <a href="http://www.hacker.com";>http://www.real-bank.com</a>
Thanks for replying,
--
Richard Leroy
[EMAIL PROTECTED]
