Loren Wilton a écrit :
I've written a number of rules to check for this, so have others. Yes, it
will catch some of the phish.
Unfortunately it also catches just an amazing amount of legit mail. I think
the last statistics were something like 50/50, or maybe even heavier on the
ham side. It just doesn't seem to occur to anyone writing html that there
should be an actual relationship between the real url and the displayed url.
Even checking for <a href="http://dotquad";>https://mybank.com</a> will get
hits on an amazing quantity of ham.
on the other hand, I sometimes see things like:
You have new mail on <a
href="http://hacker.example";>http://www.free.fr</a>
for one, I don't use webmail, and more importantly, www.free.fr isn't
the webmail url. the "silly" spammer is just adding www to my email
domain. now even this may cause FPs I guess.
