I've been trying out Netcraft's anti-phishing toolbar recently. Based on the phishing scams I receive (4-5 daily), the vast majority are already blocked by the time I receive them.

I thought I got quite a lot of phishing junk but the toolbar leaderboard shows that some people have blocked thousands of unique phishing URLs this month alone. I find this incredible.

I wonder how susceptible Netcraft's reporting mechanism is to non-canonical URLs? I.e., if the following was a phishing site received in an email:

http://example.com/badsite

Could you submit each of the following, individually?

http://example.com/badsite
http://example.com/badsite/
http://example.com/badsite/../
http://example.com/badsite/../../
http://example.com/./badsite

etc. There has been an incentive to do so in the past.
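As an added example (not part of the original post, and not Netcraft's code), here is one way a report collector could count the variants above once per canonical URL instead of once per spelling. The function names are hypothetical, and treating `/badsite` and `/badsite/` as the same report is a policy assumption, not something RFC 3986 guarantees.

```python
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def remove_dot_segments(path):
    """Resolve "." and ".." in an absolute path (RFC 3986, section 5.2.4)."""
    segments = path.split("/")[1:]
    if segments and segments[-1] in (".", ".."):
        segments.append("")  # a trailing dot segment names a directory
    out = []
    for seg in segments:
        if seg == "..":
            if out:
                out.pop()  # never climb above the root
        elif seg != ".":
            out.append(seg)
    return "/" + "/".join(out)

def canonical_key(url):
    """Return the key under which a submitted URL is counted."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    if parts.port and parts.port != DEFAULT_PORTS.get(scheme):
        host = f"{host}:{parts.port}"
    path = remove_dot_segments(parts.path or "/")
    # Policy assumption: a trailing slash does not make a separate report.
    path = path.rstrip("/") or "/"
    return urlunsplit((scheme, host, path, parts.query, ""))

def group_reports(urls):
    """Map each canonical key to the raw submissions that collapse onto it."""
    groups = defaultdict(list)
    for url in urls:
        groups[canonical_key(url)].append(url)
    return dict(groups)

# The five variants listed in the post.
SUBMISSIONS = [
    "http://example.com/badsite",
    "http://example.com/badsite/",
    "http://example.com/badsite/../",
    "http://example.com/badsite/../../",
    "http://example.com/./badsite",
]

if __name__ == "__main__":
    for key, variants in group_reports(SUBMISSIONS).items():
        print(f"{key}  <- {len(variants)} submission(s)")
```

Under these rules the five submissions collapse to two keys: three resolve to `/badsite`, and the two `..` forms resolve to the site root `/`.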

One thing that does disappoint me about Netcraft is they are employing TMDA on some addresses connected to the toolbar. Anyone receiving challenge-response junk from petsupermarket@uol.com.br on debian lists can appreciate just how stupid these systems are.

