I'm starting to see some new phishing/scam attempts.
What I was thinking was that it might be worthwhile to add a rule to not
so much check links, but count periods.
I was going to put in the web address that I received as an example, but I think
that's why this is a second attempt - the first one never went through.
Basically, it's a 'colonial bank' scam - it uses eleven sections to the domain
name - 10 periods. (What would that be - I mean, we have TLD for the
.com/net/etc, second level domain names for the bleah.com domains.. what would
you say it is for an 11th level?)
In general, you see fewer than four periods in a domain name - but I've
seen this sort of behavior in spams before.
Thoughts?
(I'm just a general administrator. I use other people's rules, I
haven't had time to learn to make my own)
BW
