This is a placeholder for the Phisher project. Everything here may move.
Phisher is a SpamAssassin plugin which looks for anchors whose text resembles a domain name but whose href does not match the text.
For example, these would be caught:
<a href="http://18.104.22.168/bankamerica_fraud/">www.bankamerica.com</a> <a href="http://www.goat.cx/">www.yahoo.com</a>
The function also does some normalization of urls and domains, so some similar matches should not be caught. For example:
<a href="http://www.yahoo.com/">yahoo.com</a> <a href="http://www.yahoo.com/">yahoo</a> <a href=http://www.yahoo.com/>do you yahoo?</a>
Feeble instructions for using it are in the header. If you are not comfortable screwing around with your SA config, or if you do not have access to the site-wide config files (local.cf), you probably won't be able to use this yet.
This approach has been suggested before, usually as a regexp. Some people don't like the general approach because it can lead to false positives:
My opinion is that this is more a matter of setting appropriate scores, and letting the presence of the mismatched anchor inform SA, than a matter of not wanting to use it because it might be wrong (as, in fact, many SA rules FP all the time). Further, I think you can't implement this as a single line regexp because the string normalization becomes too hairy, and the pattern will break down all over the place. I tried it that way at first and it was a mess.