On 10/12/2011 2:25 PM, dar...@chaosreigns.com wrote: > On 10/12, Christian Grunfeld wrote: >> Many phishing mails exploit the bad knowledge of the difference >> between real url and link anchor text by simple users. So they show > Does spamassassin really not have a rule to detect this? I just dug > up a perfect example - trying to look like an email from youtube, with > something like > '<a href="http://phishingjunk.com";>http://www.youtube.com/stuff</a>', > and it didn't hit any rule that seemed relevant to that bit of deception. > > It certainly seems like it would be very useful. I see there's a > __SPOOFED_URL rule, but it's hard to read and doesn't have a description.
This is an issue that comes up on this list occasionally. It sounds like a good idea at first, but when you start looking into it, you find that there is WAY too much legitimate email that does this for the rule to be useful. -- Bowie
