On 4/22/2012 8:31 PM, haman...@t-online.de wrote:
a) phishers would probably move to hosting their own copies of the logos
Yup. However, spammers haven't completely adapted to greylisting, and still spam from SBL/ZEN listed IPs, so perhaps this would catch some of the long-hanging fruit?
b) some users of image resizers would see the warning sign reduced (I recently had someone complain about an error on our google maps "our office is here" page, and it turned out the visitor was using a smartphone via an image resize service)
Were you tripping on a lack of referrer, or was an image resizing service actually returning a completely incorrect referrer? When attacking phishing websites who are abusing legitimately hosted images, you should be able to return the correct image for requests that are completely missing a referrer, it's only when you get a third-party site in the referrer that you should return the "This is a phishing site!" image.
-- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren
