False positive being reported for ContactMonkey.com URLs

[liamtim]

I'm unsure where else I can report this bug due to the lack of communication channels. Please let me know if I should report this elsewhere.

Describe the bug A clear and concise description of what the bug is.

MailScanner is reporting our website as being definite fraud incorrectly:

Task

• [ ] Please add contactmonkey.com to your allowed list of URLs.

[github-actions[bot]]

Thank you for submitting your first issue to MailScanner! We will respond to you soon!

[msapiro]

The MailScanner list is built from the https://www.phishtank.com/ list. Ideally you can get them to remove any urls in the contactmonkey.com domain. Otherwise, perhaps @jcbenton can arrange for contactmonkey.com to be added to the dynamically generated http://phishing.mailscanner.info/phishing.safe.sites.conf.gz file.

[jcbenton]

It is not a bug. Some asshat scammer used your service for nefarious activity in the past, which lands that activity on phishtank.com, which then lands you on this list. Yeah, I know, not your fault ... ad hominem.

Examples: http://www.phishtank.com/phish_detail.php?phish_id=7117628 http://www.phishtank.com/phish_detail.php?phish_id=7117607

I have added your domain to the safe sender list for now. Keep an eye out for abuse of your services or you will end up right back on the list.

[liamtim]

Thanks @jcbenton! Any advice on the best method to keep an eye out for abuse reports? We use AWS monitoring currently, but it's completely separate to a recipient reporting us to the likes of Phishtank

[liamtim]

I wanted to provide you with an update here. About 6 months ago this user was flagged by AWS as using our tool for phishing. As soon as it was reported, we banned the user, as well as redirected any malicious URLs they included to google.com.

Thanks for adding our domain to the safe sender list, it's much appreciated.

[liamtim]

@jcbenton How long does your safe sender list take to propagate to users of your software? We're still seeing our domain being flagged (as of yesterday) from recipients who are using mailscanner.

[jcbenton]

@liamtim The current list does not contain your domain. I have no control over administrators around the world using MailScanner. If they do not run the update script, then they are not going to get the updates. You need to take it up with them.