This is a placeholder for the Phisher project. Everything here may move.


Phisher is a SpamAssassin plugin which looks for anchors whose text resembles a domain name but whose href does not match the text.

For example, these would be caught:

<a href=""></a>
<a href=""></a>

The function also does some normalization of urls and domains, so some similar matches should not be caught. For example:

<a href=""></a>
<a href="">yahoo</a>
<a href=>do you yahoo?</a>


Feeble instructions for using it are in the header. If you are not comfortable screwing around with your SA config, or if you do not have access to the site-wide config files (, you probably won't be able to use this yet.

Why This Is A Bad Idea

This approach has been suggested before, usually as a regexp. Some people don't like the general approach because it can lead to false positives:

My opinion is that this is more a matter of setting appropriate scores, and letting the presence of the mismatched anchor inform SA, than a matter of not wanting to use it because it might be wrong (as, in fact, many SA rules FP all the time). Further, I think you can't implement this as a single line regexp because the string normalization becomes too hairy, and the pattern will break down all over the place. I tried it that way at first and it was a mess.

To Do