[Esd-l] RE: Esd-l Digest, Vol 26, Issue 2
sanitizer at nyfix.co.uk
Fri Feb 18 12:15:29 PST 2005
> OK, not so easy. Looking at a few more, they are using oddball hostnames.
> This may be better done in SpamAssassin with scoring.
>> Subject: [Esd-l] Back working on Phish sanitizing...
>> I've gotten a few more cycles to spend on catching phish attacks.
>> My thought is this. Just about every phish I've been looking
>> at uses a IP address url for the hyperlink. So, the filter I
>> was thinking of was:
>> Search for
Agreed (FWIW). All the phishing I've seen here have been modified domain names <in the source>.
And resolvable to `behind-the-iron-curtain`. (while not wanting to reopen old wounds...)
More information about the esd-l