HTML5 wbr tag causes phising detection

Mark Sapiro

2013-11-09 01:29:05 UTC

Post by mattias berge
The html5 wbr tags seem to cause MailScanner to think of a link as
different from the title.
Min presentation: <a
href="http://host/kategori_blogg/buzz-kommunikation/something-something-i-something-something"
target="_blank">http://host/kategori_blogg/buzz-kommunikation/somthing-something-i-something-something</a>/
This gives the "MailScanner has detected a possible fraud". Is this a
known problem?
Mailscanner 4.84.5

I'm running MailScanner 4.84.6 which shouldn't be different from 4.84.5
in this respect, but I tested with a message containing exactly the
above HTML but with 'host' replaced by 'msapiro.net' in both cases, and
it did not trigger the possible fraud detection.

I then retested with 'msapiro.net' as the host in the href and
'ms2.msapiro.net' as the host in the text, and it did trigger the
possible fraud detection.

In both cases, there was a tag in the text, i.e.
'http://msapiro.net/...' in the first case and
'http://ms2.msapiro.net/...' in the second.

Thus, I have to conclude this is not an issue in MS 4.84.6.

Aside: Why would Microsoft Office or whatever generated this HTML in the
first place want to allow breaking the text in the middle of a
representation of a URL?

--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan