tomtakan
commented
8 years ago Are you saying there is no url scheme but it is still flagged as phishing ? I am going to try and replicate and fix this issue.
Closed rmoesbergen closed 8 years ago
tomtakan
commented
8 years ago Are you saying there is no url scheme but it is still flagged as phishing ? I am going to try and replicate and fix this issue.
rmoesbergen
commented
8 years ago Yes. We're an IT company and many of our engineers communicate about IP subnet's like the example above. These are now tagged as phishing, which is not correct.
tomtakan
commented
8 years ago I have just tested this an 10.1.2.3/24 does not trigger a phishing flag. It could be that your mail clients are setup to authomatically format links.
rmoesbergen
commented
8 years ago You are correct. Outlook (among other clients) converts this to a http:// link when setup to do so. I can't think of way to correctly detect (and ignore) this, so I guess this works as advertised :)
When finding numeric phishing links (https links to numeric only ip addresses), a subnet declaration gets detected as a phishing link. For example:
10.1.2.3/24
by itself gets detected as a 'numeric only' link and a warning message is prepended. Maybe only trigger this when there's http.*// in front of it?