Hi,

I never tried something like that, but
- if the visible link looks like a URL and
- the actual and visible URLs are not related in some way (ideas: same IP, same netblock, subdomains of same domain)
- or if the actual link looks like two URLs concatenated (potential open redirector) and the visible link does not

the message will look "suspicious".

Assuming that some senders will create such mails, it would be a good idea to forward the message to the recipient WITH warning markup, and also reject at MTA level with a suitable explanation, so SA may not be the best place in the mail chain. If many sites do that, senders will eventually reconsider whether this is a good idea.

Wolfgang Hamann

>> Didn't I just respond about this the other day?
>>
>> On Thu, Feb 02, 2006 at 05:56:06PM -0700, Steven Manross wrote:
>> > <A
>> > href="http://www.whatever.com/secretphishersite/blah?something=blahblah"
>> > >http://www.paypal.com/somethingsecure/this?that=1</A>
>> >
>> > Or is that even possible? Or is it just expensive? :)
>>
>> Easily possible, but the rule performs horribly in real-life since it appears
>> in a ton of ham in the generic sense (<a href=XYZ>ABC</a>). It's all covered
>> in http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4255
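
The checks listed in the message above, sketched as an added Python example (not code from the thread or from SpamAssassin): an anchor is flagged only when its visible text itself looks like a URL, which leaves generic `<a href=XYZ>ABC</a>` ham alone. The function names, the two-label domain comparison and every sample anchor except the first are assumptions made for illustration; the same-IP and same-netblock ideas are left out because they need DNS lookups.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

URL_LIKE = re.compile(r"^(?:https?://|www\.)\S+$", re.I)

def base_domain(url):
    # Assumption: the last two host labels approximate the registered domain;
    # production code should consult the Public Suffix List instead.
    if "://" not in url:
        url = "http://" + url  # visible text such as "www.example.net"
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])

def has_embedded_url(url):
    # A second scheme, raw or percent-encoded, suggests an open redirector.
    return len(re.findall(r"https?://", unquote(url), re.I)) > 1

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        href, shown, self.href = self.href, "".join(self.text).strip(), None
        if not URL_LIKE.match(shown):
            return  # visible text is not a URL: ordinary ham, not flagged
        if base_domain(href) != base_domain(shown):
            self.findings.append(("host-mismatch", shown, href))
        elif has_embedded_url(href) and not has_embedded_url(shown):
            self.findings.append(("embedded-url", shown, href))

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings

# Constructed sample; the first anchor is the one quoted in this thread.
SAMPLE = ('<A href="http://www.whatever.com/secretphishersite/blah?something=blahblah">http://www.paypal.com/somethingsecure/this?that=1</A>'
          '<a href="http://shop.example.com/deals">http://www.example.com/deals</a>'
          '<a href="http://news.example.org/item">Read more</a>'
          '<a href="http://example.net/r?u=http%3A%2F%2Fexample.org%2F">www.example.net</a>')
```

`audit(SAMPLE)` returns one `host-mismatch` finding for the quoted anchor and one `embedded-url` finding for the redirector-style link; the subdomain pair and the "Read more" anchor pass.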