What about combining this with a whitelist? I.e. I regularly get emails from target.bifn0.com that contain links that point to themselves, but say they are target.com.... And in fact, this is a 3rd party that Target has contracted to do outsource mailings for them, so in that respect they are legitimate. So I could easily whitelist them and continue to reject everyone else...
The other approach would be to push for an advisory standard (RFC) that explains how to encode URL's so that they aren't flagged as phishing. (No flames from pissy people please... you know who you are... ;-) I.e. that at a minimum the host portions of the URL and the label for the link would have to match... If the sender REALLY needs to have the link reside somewhere else, they could always have the published address send a Location: response that redirects you to the eventual resting place. -Philip Loren Wilton wrote: >The rule you suggest isn't particularly good. There are far too many legit >mails (mostly mailing list type of things) that do exactly what you want to >check for. So the FP rate is higher than most people would like. This has >been discussed many times in the past. > >That said, I believe there is at least one SARE rule that checks for exactly >what you want to look for. > > Loren > > >