The most recent 20 comments posted to Making Light by Andy M:

Show all comments by Andy M.

Posted on entry "Dealing with the phishing problem is so simple that I can't see how to found a company to do it." ::: August 12, 2005, 03:22 PM:

Oops, previous post was for Jeremy, not Josh.

Posted on entry "Dealing with the phishing problem is so simple that I can't see how to found a company to do it." ::: August 12, 2005, 03:12 PM:

Josh,

Quite often email announcements will do things like:

Visit [a href="http://blahblah.mysite.com"]mysite.com[/a] for more info!

And that will trigger a phishing detector. Or even:

Visit [a href="http://mysite.newslettersite.com"]mysite.com[/a] to sign up for our newsletter!

Whether they should be doing this, and training users that redirects like that are okay, is of course another matter entirely. But it happens a lot, and building a phishing detector to decide which URLs are similar enough to each other is a heck of a lot harder...

Posted on entry "Dealing with the phishing problem is so simple that I can't see how to found a company to do it." ::: August 12, 2005, 09:33 AM:

Jeremy,

This may not be remarkably helpful to you personally, but MailScanner does just that with its Phishing detector. It replaces all URLS of this type with a big red warning. Of course there are a lot of false positives, so it supports whitelisting, and there's a growing default whitelist provided with the package. Now if only GMail would use MailScanner, we could all be happy.

Comment statistics for Andy M on the Making Light blog

Year	Number of comments posted
2005	3

Total: 3 comments. View all these comments on a single page.