question regarding phishing warning

ovizii · Post by **ovizii** » 03 Jan 2017 11:34

I saw this in my maillogs:

Jan  3 12:13:51 efa MailScanner[32242]: Found phishing fraud from http://192.168.220.2/cgi-bin/learn-msg.cgi?id=531331003B1.A90C5&token=65ddff8582d38e1d644f48b9e73bc03c claiming to be clickheretoreportthismessageasspam in 9715F1003B1.A068E

the entry in inline.sig.in.html looked like this

Code: Select all

<a href="http://192.168.220.2/cgi-bin/learn-msg.cgi?id=$id&token=$token">Click here to report this message as SPAM.</a>

I have now changed this to:

Code: Select all

Click <a href="http://192.168.220.2/cgi-bin/learn-msg.cgi?id=$id&token=$token">here</a> to report this message as SPAM.

hoping that will fix it but I don't understand why the original was caught anyway seeing that the link text was not a domain but separate words?