On Tue, 25 Aug 2015 08:25:30 -0400 Joe Quinn wrote: > On 8/25/2015 7:51 AM, RW wrote: > > On Tue, 25 Aug 2015 09:55:57 +0200 > > Tom Hendrikx wrote: > > > > > >> Basically every MUA I know will label the message as a possible > >> scam when you use the BAD version, which why you actually never > >> see it in non-spam mail, unless the editor was a real noob. > > That applies to spam too. > > > > Would this really have a significant effect on modern phishes? > It still works against a lot of people, even those who know what to > look for. It's easy to get complacent and click a link without > checking it first when you go through a hundred emails a day.
It's not really about whether it might work, but whether it's actually being used. The original post was about the current wave of phishes that are getting though SA. What I'm seeing is phishes that are convincing without using the domain miss-match which triggers a malicious link warming. I just wondered whether it had been established that domain mismatches are a common feature of the phishes that are getting through.
