Topic: Phishing - Visible hyperlink doesn't match actual URL

[pizzaco]

Hello,
We received a phishing email that contains link where the visible link indicates it goes to one URL, but the underling URL goes to totally different site.

In the past, these types of emails have been blocked because of the misleading link text. I'm not sure what part of the stack did the blocking but it was part of the SME standard setup (not a contrib or anything).

I trying to figure out why this wasn't blocked. Not sure if this is a change in functionality, a different scenario, or a bug.

Thanks!

[Jean-Philippe Pialasse]

this should be part of the qpsmtp package and on of its plugins.

Mostly spamassassin.

Have you changed your server ? Modified something ? upgrade fron 7 to 8 ?

[pizzaco]

No on all three.

[janet]

pizzaco

I trying to figure out why this wasn't blocked.

New exploits are always being created and released, and at some point in time your sme server virus & spam databases do not know about these (new exploits). When the sme server databases get updated daily (from external sources), then the new exploit will be identified & treated as spam or a virus etc and rejected or moved to junkmail folder.

Sometimes it takes a day or two for your sme server to catch up with the world.

[pizzaco]

OK. I won't worry about it for now. Thanks.