On Wed, 12 Oct 2011, Christian Grunfeld wrote: > > Modifying headers -might- mess up DKIM, gpg, etc sigs (depending upon > > how they were done). Modifying bodies -will- mess up sigs. > > I was not specifically talking about dkim signed mails. It is clear > that body rewriting mess up sigs. It is also clear that phishers dont > use dkim ! and if they do you have the certainty that the originating > domain has nothing to do with what the content claims to be !...unless > the phishing comes from the same domain ! (really bizarre) ! :D
phishers -might- not dkim sign messages but other legimate messages (such as airline reservation confirmations) which do sign their messages -and- obfuscate URLS will get trashed. The problem is that if you re-write the body of all messages which have obfuscated URLs, then you will trash legimate messages. If you have some magic bullet that reliably detects phishes so you're sure you won't FP on obfuscate URLS, then you don't need that message re-write, just hit it with a spam score. But so far I havn't seen a successful antiphish magic bullet and I've seen lots of phishes. -- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{