[Esd-l] Back working on Phish sanitizing...

Smart,Dan SmartD at VMCMAIL.com
Fri Feb 18 09:10:10 PST 2005

I've gotten a few more cycles to spend on catching phish attacks.
My thought is this.  Just about every phish I've been looking at uses a IP
address url for the hyperlink.  So, the filter I was thinking of was:
Search for  
Which is an IP address URL.  You could defang it by making the URL type
file: instead of http:.  Or maybe gopher:
What do you think?

More information about the esd-l mailing list