>> >> That's because such a rule won't work. All manner of real mail ends up >> sending things that have a real link address different from the one shown in >> the link. Often it is a very minor difference, like https vs http, but >> sometimes there are no points of reality at all between them. This shows up >> a lot in stuff generated from databases. >>
Well, if there is a visible url to a different server than the one in real url, I would not only want to tag that as possible spam, but rather have a nice red 20pt headline added to the mail: WARNING - DO NOT CLICK - THESE LINKS MIGHT BE FORGED Of course, if the visible url says http://someshopping.com/camera/buy_canon and the real link is http://someshopping.com/cgi-bin/buy.cgi?prod=1381 AND the displayed url works too, no problem. The widespread use of a markup tool like this might even help to teach mail senders that this kind of mail is not wanted. To put it in other words: if phishing scam looks like ordinary "new products" from my favourite bookstore, and produce the same kind of "there is something wrong with the certificate" popup as my real bank does, it is not only the phishers to blame Just my 2c Wolfgang Hamann
