On 6/11/2014 11:54 AM, Axb wrote:
On 06/11/2014 05:52 PM, Joe Quinn wrote:
On 6/11/2014 11:44 AM, John Hardin wrote:
Folks:
I just came across a PayPal phish that has a potentially useful
indicator: the domain referenced in the URI has no MX record defined,
so it cannot accept email.
Would it be worth another DNS query in URIBL to check whether the
domain has an MX record, and add a point if not?
Just off the top of my head, it may cause issues with mass email
services like Constant Contact which send their email from oodles of
CDN-like alternate domains which aren't intended to receive email.
I expect you would need to limit it to headers that are clearly intended
to receive messages (ie, Reply-To, Return-Path, From if the other two
headers are not present, etc).
Shouldn't the URIBL plugin only looks at msg body and not headers..
I don't think so. If you run this rule on a message body that uses a
shortener like goo.gl, it will see that there is no MX record for goo.gl
and FP.
