3 Apr
2006
3 Apr
'06
7:44 p.m.
Hello list,
I received a phishing scam yesterday where the domain part of the evil link was in html hex code. This seems to defeat any SURBL listing. I'm using a postfix body check to handle it now, but does anyone have a better idea?
Thanks.
3 Apr
3 Apr
8:32 p.m.
Nathan Barham wrote:
I received a phishing scam yesterday where the domain part of the evil link was in html hex code. This seems to defeat any SURBL listing. I'm using a postfix body check to handle it now, but does anyone have a better idea?
Convert the HTML/hex back to a dotted IP address and then do a standard SURBL lookup on the IP address as described in the SURBL docs.
John.
--
John Graham-Cumming
jgc@jgc.org
Home: http://www.jgc.org/
Blog: http://www.jgc.org/blog/
POPFile: http://getpopfile.org/
GNU Make Standard Library: http://gmsl.sf.net/
GNU Make Debugger: http://gmd.sf.net/
Fast, Parallel Builds: http://www.electric-cloud.com/
Sign up for my Spam and Anti-spam Newsletter
at http://www.jgc.org/
6852
Age (days ago)
6852
Last active (days ago)
1 comments
2 participants
participants (2)
-
John Graham-Cumming -
Nathan Barham