[Spambayes] Anti Phishing suggestion
Frank Heile
fheile at pacbell.net
Wed Jan 5 23:01:49 CET 2005

SpamBayes is GREAT! I have told everyone I talk with that they should use
it to fight SPAM. However, one thing SpamBayes does not protect against is
phishing emails. Here is what I do manually - could some developer please
implement something like this in code for SpamBayes (or tell me why it won't
work?):

Whenever I get an email that is asking me to confirm or correct my personal
information at some Web site I get suspicious automatically. Now in
Outlook, when the cursor is over a hyperlink inside a message, it will
display a popup showing the REAL URL that a click will take you to. The
colored and underlined displayed text in the email message may be different
than this real URL. So for any suspicious email, I just put my cursor over
the link (without clicking) and it usually shows an address like:

http://123.456.234.567/something...

Whereas the text displayed for the link is something like:

http://www.paypal.com/login.php

So at that point it is OBVIOUS (to me) that this is a fake phishing email since
paypal.com would NOT have used a numeric URL address in this way. Doesn't
everybody check suspicious hyperlinks like this before they click on the
link?

Now, since I do this by hand, why can't SpamBayes do something like this
automatically? For example, SpamBayes should be able to easily parse the
real URL and the displayed text for a link in an email message. If the text
displayed looks like a URL address, it could do a DNS lookup on the address
like "www.paypal.com" and see that it does not match the real URL
"123.456.234.567" and automatically mark the message as SPAM/Phish?

As a matter of fact, the DNS lookup is probably unneeded, since the fact
that a real looking label is used for a numeric address is pretty obviously
a phishing email. In fact ANY numeric URL address is probably up to no good
and I would be happy if they are deleted as spam.

Is there some flaw in my arguments? Will the phishers soon overcome these
techniques (probably somehow, but I can't think of how)? Just Curious...