[Spambayes] Anti Phishing suggestion

Frank Heile fheile at pacbell.net
Wed Jan 5 23:01:49 CET 2005

SpamBayes is GREAT!  I have told everyone I talk with that they should use
it to fight SPAM.  However, one thing SpamBayes does not protect against is
phishing emails.  Here is what I do manually - could some developer please
implement something like this in code for SpamBayes (or tell me why it won't

Whenever I get an email that is asking me to confirm or correct my personal
information at some Web site I get suspicious automatically.  Now in
Outlook, when the cursor is over a hyperlink inside a message, it will
display a popup showing the REAL URL that a click will take you to.  The
colored and underlined displayed text in the email message may be different
than this real URL.  So for any suspicious email, I just put my cursor over
the link (without clicking) and it usually shows an address like:


Whereas the text displayed for the link is something like:


So at that point it OBVIOUS (to me) that this is a fake phishing email since
paypal.com would NOT have used a numeric URL address in this way. Doesn't
everybody check suspicious hyper links like this before they click on the

Now, since I do this by hand, why can't SpamBayes do something like this
automatically?  For example, SpamBayes should be able to easily parse the
real URL and the displayed text for a link in an email message.  If the text
displayed looks like a URL address, it could do a DNS lookup on the address
like "www.paypal.com" and see that it does not match real URL
"123.456.234.567" and automatically mark the message as SPAM/Phish?

As a matter of fact, the DNS lookup is probably unneeded, since the fact
that a real looking label is used for a numeric address is pretty obviously
a phishing email.  In fact ANY numeric URL address is probably up to no good
and I would be happy if they are deleted as spam. 

Is there some flaw in my arguments?  Will the phishers soon overcome these
techniques (probably somehow, but I can't think of how).  Just Curious...

More information about the Spambayes mailing list