Bookworm wrote:
> I'm starting to see some new phishing/scam attempts.
>
> What I was thinking was that it might be worthwhile to add a rule to
> not so much check links, but count periods.
> Here's the example that just came in my email -
>
> (removing http:// ) -
> connect.colonialbank.webbizcompany.c6b5r64whf623lx 426xq.secureserv.onlineupdatemirror81105.colonial. certificate.update.65tw.com/logon.htm
>
>
> Notice that there are ten periods. That makes it be an eleventh level
> domain name?
>
> In general, you see fewer than four periods in a domain name - but
> I've seen this sort of behavior in spams before.
> Thoughts?
>
> (I'm just a general administrator. I use other people's rules, I
> haven't had time to learn to make my own)
>
> BW
>

I haven't, but I think a rule for this would be a good idea. I always
write rules then check them every so often with a custom perl script.