Community Discussions and Support
Why does Pmail accept some phishing URLs

Michael,

Thank you for explaining so clearly what's going on!

I'm really interested in trying it out now, but I believe I'll try your suggestion about editing the CNM file. Thanks for that tip, too! (Paranoid? Who, me? [:^)] )

Dave

 

 


I got an obvious phishing Email. The HTML text contained a hyperlink where the '<a' tag's src pointed to one web site, while the readable text read 'http://twitter.com/account/.....'

I expected Pegasus (with BearHTML) to block this, but the cursor remains a 'hand' instead of the expected 'stop' sign. Not that it fools anyone, but I'm curious why this one is not being flagged.

 


Please send me a copy of one of these messages (irelam@telus.net)

Thanks

     Martin


I emailed you the CNM file as an attachment. Let me know if you didn't get it - it's bound to be snared by any spam filter that looks at it.

Eduardo

 


No sign of it so far.  Could you just mail me the A tag without the < and >, and the text string that gets displayed, please?

Martin


I just sent the offending HTML via email.

Eduardo

 


Where did you send it to?  I have seen nothing yet :-((


My server says it talked to your server and the email was accepted. Here's the log from my Mercury. I believe 204.209.205.52 is the MX server for telus.net. Times are PDT, and are accurate.

T 20100912 183537 4c8c97e8 Begin processing job MO00009A from subelman@markmatrix.com
T 20100912 183538 4c8c97e8 Established ESMTP connection to 204.209.205.52
T 20100912 183538 4c8c97e8 MAIL FROM:<subelman@markmatrix.com> SIZE=2270
T 20100912 183538 4c8c97e8 250 Ok
T 20100912 183538 4c8c97e8 RCPT TO:<irelam@telus.net>
T 20100912 183539 4c8c97e8 250 Ok
T 20100912 183539 4c8c97e8 Connection closed normally.

The other email that never made it had a similar log entry.


[quote user="subelman"]I got an obvious phishing Email. The HTML text contained a hyperlink where the '<a' tag's src pointed to one web site, while the readable text read 'http://twitter.com/account/.....'

I expected Pegasus (with BearHTML) to block this, but the cursor remains a 'hand' instead of the expected 'stop' sign. Not that it fools anyone, but I'm curious why this one is not being flagged.[/quote]

(Apologies if this has already been answered, but I didn't find it in a search.) I'm now having the above problem occur with Pegasus 4.62, Build 191, using IERenderer (which is GREAT otherwise!). My past versions of Pegasus always blocked phishing hyperlinks (which is nice reassurance that one won't make that one fatal "slip"), but I've received a number of phishing e-mails lately that don't trigger any blocking from Pegasus. Only by looking at the "raw view" or by copying/pasting the link target into Word or Wordpad can I see that the underlying link is completely different from the one displayed.

And yes, I have Tools > Options > Incoming Mail > Hyperlinks > "Check for suspicious..." selected.

Thanks.


[quote user="Dave Bellerophon"](Apologies if this has already been answered, but I didn't find it in a search.) I'm now having the above problem occur with Pegasus 4.62, Build 191, using IERenderer (which is GREAT otherwise!). My past versions of Pegasus always blocked phishing hyperlinks (which is nice reassurance that one won't make that one fatal "slip"), but I've received a number of phishing e-mails lately that don't trigger any blocking from Pegasus.[/quote]

It's not "the above problem" since IERenderer works differently: It only does the check on clicking the URL since it might otherwise block further Pegasus Mail actions if just doing the check on hovering (it starts with a DNS look-up, e.g., for checking whether the target is valid at all, then proceeds with further checks): Click it and you'll most probably get what you want (if you don't dare to edit the CNM file in your new mail directory to point to a harmless website instead).

			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C
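
The mismatch discussed in this thread (link text that reads like one site's URL while the anchor's `href` goes elsewhere) can be checked offline on a saved message body. The following is an added example, not Pegasus Mail, BearHTML or IERenderer code; it covers only the text-versus-target comparison and none of the DNS look-up or further checks mentioned above, and `audit`, `LinkAuditor` and the sample HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a URL or a bare host name.
URLISH = re.compile(
    r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?::\d+)?(?:[/?#].*)?$", re.I)

def _norm(host):
    return re.sub(r"^www\.", "", host.lower())  # example.org == www.example.org

def target_host(href):
    """Host an http(s) href really goes to; userinfo such as 'a.com@' is ignored."""
    try:
        parts = urlsplit(href.strip())
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return None
    return parts.hostname if parts.scheme.lower() in ("http", "https") else None

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:  # collect text only while inside an anchor
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown = "".join(self._text).strip()
            m, real = URLISH.match(shown), target_host(self._href)
            # Strict host comparison; a production check would use the Public Suffix List.
            if m and real and _norm(m.group(1)) != _norm(real):
                self.findings.append((shown, real))
            self._href = None

def audit(html):
    """Return (displayed text, real target host) for every mismatching link."""
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample body: two deceptive links, two harmless ones.
SAMPLE = """<a href="http://phish.example/login">http://twitter.com/account/</a>
<a href="https://www.example.org/docs">example.org/docs</a>
<a href="http://twitter.com@phish.example/">twitter.com</a>
<a href="https://example.net/">Click here</a>"""
```

`audit(SAMPLE)` reports the first and third links. The comparison is deliberately strict, so a legitimate link whose text names a parent domain of the target host is also reported.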