[Esd-l] Back working on Phish sanitizing...
SmartD at VMCMAIL.com
Fri Feb 18 09:10:10 PST 2005
I've gotten a few more cycles to spend on catching phish attacks.
My thought is this. Just about every phish I've been looking at uses a IP
address url for the hyperlink. So, the filter I was thinking of was:
Which is an IP address URL. You could defang it by making the URL type
file: instead of http:. Or maybe gopher:
What do you think?
More information about the esd-l