https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7940

            Bug ID: 7940
           Summary: URI_PHISH false positive
           Product: Spamassassin
           Version: unspecified
          Hardware: PC
                OS: Mac OS X
            Status: NEW
          Severity: normal
          Priority: P2
         Component: spamassassin
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: Undefined

I am getting the following result in confirmation emails: URI_PHISH=3.717 when I
include both text and HTML. When I just do HTML, I do not get the URI_PHISH
positive. From my understanding, this is to prevent links with text that tries
to trick the user, like:

<a href="http://evil-website.com/some_phishing_form">https://paypal.com</a>

Mine does not do that. The same exact link does not get marked as URI_PHISH if
I exclude the text template. See the example email below:

------------------------------------------------------------------------

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from nextgenappsllc.com
        by grootchema.nextgenappsllc.com (Dovecot) with LMTP id
6OSXMsWLgWGuEgAAQQk82Q
        for <[email protected]>; Tue, 02 Nov 2021 15:04:37 -0400
Received: by nextgenappsllc.com (Postfix, from userid 115)
        id C8D8C3EAB6; Tue,  2 Nov 2021 15:04:37 -0400 (EDT)
Authentication-Results: nextgenappsllc.com;
        dkim=pass (2048-bit key; unprotected) header.d=venue2you.com
[email protected] header.b="h0fAIUmz";
        dkim-atps=neutral
Received: from mail.venue2you.com (mail.venue2you.com [170.187.146.47])
        by nextgenappsllc.com (Postfix) with ESMTPS id C2AD93EA16
        for <[email protected]>; Tue,  2 Nov 2021 15:04:35 -0400 (EDT)
Authentication-Results: mail.venue2you.com (amavisd-new);
        dkim=pass (2048-bit key) reason="pass (just generated, assumed good)"
        header.d=venue2you.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=venue2you.com; h=
        content-transfer-encoding:content-type:mime-version:subject
        :message-id:to:reply-to:from:date; s=dkim; t=1635879875; x=
        1638471876; bh=UYIN8kVY626mO7//mPbnMdEQY/Sp1tkN39zd4pqfBBs=; b=h
        0fAIUmz8A6i0JpsRktulCUJC08POzOXbjhNrHpi9xGi006y+vbRT6FNJY/4M7pRC
        C4cWsmyrBaOvckIreRb8DETa873RwS95XM5bYIDGpPmW4RAJFNoPaA8nRBPA92Z8
        K87xfozAa7chXojLRpQjMSX9byI0KCwp8J/bcYXuYfM6WltI79sEZFN8iW7A2p9r
        ouJzYWI64gRmDm9A+9TXjoA88IhQqKZkOpSOp3DvRMYDVUXy4cixa+OxJSHojw6/
        HoCSjpqQM7ovASFxXRTvVPpBrNxa2W+1FCRh1Y6PK8AHeWqXLzvry7aNxuv8j980
        e6nCutPJzXkCEvtbjkNEA==
X-Virus-Scanned: Debian amavisd-new at mail.venue2you.com
X-Spam-Flag: NO
X-Spam-Score: 3.717
X-Spam-Level: ***
X-Spam-Status: No, score=3.717 tagged_above=2 required=6.2
        tests=[HTML_MESSAGE=0.001, NO_RECEIVED=-0.001, NO_RELAYS=-0.001,
        URIBL_BLOCKED=0.001, URI_PHISH=3.717] autolearn=no autolearn_force=no
Date: Tue, 02 Nov 2021 15:04:34 -0400
From: [email protected]
Reply-To: [email protected]
To: [email protected]
Message-ID: <[email protected]>
Subject: Confirmation instructions
Mime-Version: 1.0
Content-Type: multipart/alternative;
 boundary="--==_mimepart_61818bc2c05f3_12bf7404c54a6";
 charset=UTF-8
Content-Transfer-Encoding: 7bit


----==_mimepart_61818bc2c05f3_12bf7404c54a6
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

Welcome [email protected]!

You can confirm your account email through the link below:

------------------------------------------------------------------------

----==_mimepart_61818bc2c05f3_12bf7404c54a6
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <style>
      /* Email styles need to be inline */
    </style>
  </head>

  <body>
    <p>Welcome [email protected]!</p>

<p>You can confirm your account email through the link below:</p>

<p><a
href="https://venue2you.com/users/confirmation?confirmation_token=yJwJKQM2t5UcNtCzqDz1">Confirm
my account</a></p>

  </body>
</html>

----==_mimepart_61818bc2c05f3_12bf7404c54a6--

------------------------------------------------------------------------

This is an example of the email with the same link not showing up positive:

------------------------------------------------------------------------

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from nextgenappsllc.com
        by grootchema.nextgenappsllc.com (Dovecot) with LMTP id
KE0vA0aMgWHXEgAAQQk82Q
        for <[email protected]>; Tue, 02 Nov 2021 15:06:46 -0400
Received: by nextgenappsllc.com (Postfix, from userid 115)
        id 070D43EAB6; Tue,  2 Nov 2021 15:06:46 -0400 (EDT)
Authentication-Results: nextgenappsllc.com;
        dkim=pass (2048-bit key; unprotected) header.d=venue2you.com
[email protected] header.b="DlpwO/Ka";
        dkim-atps=neutral
Received: from mail.venue2you.com (mail.venue2you.com [170.187.146.47])
        by nextgenappsllc.com (Postfix) with ESMTPS id 0008F3EA16
        for <[email protected]>; Tue,  2 Nov 2021 15:06:43 -0400 (EDT)
Authentication-Results: mail.venue2you.com (amavisd-new);
        dkim=pass (2048-bit key) reason="pass (just generated, assumed good)"
        header.d=venue2you.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=venue2you.com; h=
        content-transfer-encoding:content-type:mime-version:subject
        :message-id:to:reply-to:from:date; s=dkim; t=1635880003; x=
        1638472004; bh=VE8ZAPuNjTT1faRccAt119zMTZvdcnz9fY48iK26ngc=; b=D
        lpwO/Ka27qkAaQJJyVpGaBqiLhd2DW/HdTgZtlEqHV+zbrcyuSEODQ/IPqAreilF
        zi/IqQYcOvTY5+8xdqOeVQo6DBin0W40qvYNKF0fu9YrBC9azN8MApxWuhrZbrja
        ucpSjdX1P4CWCniH6R1mBtVsoh7SYLXzR8MbOvjOYqTSGVin5kIsCZhoj4wVGvoW
        ZYqxvEUmuykIa1ur0ZGJZCkQUY5XyyPYvCMrjSZF1Y1msPQKjJYzi4fPKcf5WrqX
        nJm3aLJ93zlUGkGV+cwxb+8SEgB1MpQ+k+WWfXznvFpD20l2aqQEc0RN6GLR9guK
        NIXnsZxcpFflNk6ApJrsg==
X-Virus-Scanned: Debian amavisd-new at mail.venue2you.com
Date: Tue, 02 Nov 2021 15:06:42 -0400
From: [email protected]
Reply-To: [email protected]
To: [email protected]
Message-ID: <[email protected]>
Subject: Confirmation instructions
Mime-Version: 1.0
Content-Type: text/html;
 charset=UTF-8
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <style>
      /* Email styles need to be inline */
    </style>
  </head>

  <body>
    <p>Welcome [email protected]!</p>

<p>You can confirm your account email through the link below:</p>

<p><a
href="https://venue2you.com/users/confirmation?confirmation_token=yJwJKQM2t5UcNtCzqDz1">Confirm
my account</a></p>

  </body>
</html>

------------------------------------------------------------------------
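
The link-text mismatch pattern the reporter describes can be checked directly against a message's HTML part when triaging a report like this one. The following is an added example, not SpamAssassin's URI_PHISH rule logic and not code from the report; `AnchorCollector`, `host_of`, `deceptive_links` and the two sample messages are constructed for illustration, and hosts are compared by exact match.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a href=...> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            # Collapse the line wrapping mail software adds inside link text.
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def host_of(value):
    """Host if value looks like a URL or bare domain, else None (plain wording)."""
    value = value.strip()
    if " " in value or "." not in value:
        return None
    try:
        return urlsplit(value if "://" in value else "//" + value).hostname
    except ValueError:
        return None

def deceptive_links(raw_message):
    """(href host, text host) pairs where the visible text names another host."""
    parser = AnchorCollector()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            parser.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    hosts = [(host_of(href), host_of(text)) for href, text in parser.links]
    return [(h, t) for h, t in hosts if h and t and h != t]

def sample(anchor):  # constructed multipart/alternative message, not the original
    return ('Content-Type: multipart/alternative; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nYou can confirm your account:\n\n"
            "--b1\nContent-Type: text/html\n\n<p>" + anchor + "</p>\n\n--b1--\n")

# Anchors taken from the report; the surrounding messages are constructed.
SPOOFED = sample('<a href="http://evil-website.com/some_phishing_form">https://paypal.com</a>')
REPORTED = sample('<a href="https://venue2you.com/users/confirmation">Confirm\nmy account</a>')
```

`deceptive_links(SPOOFED)` reports the `evil-website.com` / `paypal.com` pair, while `deceptive_links(REPORTED)` returns an empty list because the visible text "Confirm my account" names no host.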
