NAME

       Mail::SpamAssassin::Plugin::Phishing - check uris against phishing feed

SYNOPSIS

         loadplugin Mail::SpamAssassin::Plugin::Phishing

         ifplugin Mail::SpamAssassin::Plugin::Phishing
           phishing_openphish_feed /etc/spamassassin/openphish-feed.txt
           phishing_phishtank_feed /etc/spamassassin/phishtank-feed.csv
           body     URI_PHISHING      eval:check_phishing()
           describe URI_PHISHING      Url match phishing in feed
         endif

DESCRIPTION

       This plugin finds uris used in phishing campaigns detected by OpenPhish, PhishTank or PhishStats feeds.

       The Openphish free feed is updated every 6 hours and can be downloaded from
       https://openphish.com/feed.txt.

       The PhishTank free feed is updated every 1 hours and can be downloaded from
       http://data.phishtank.com/data/online-valid.csv.  To avoid download limits a registration is required.

ADMIN PREFERENCES

       The following options can be used in site-wide ("local.cf") configuration files to customize how the
       module handles phishing uris

       phishing_openphish_feed
           Absolute path of the downloaded OpenPhish datafeed.

       phishing_phishtank_feed
           Absolute path of the downloaded PhishTank datafeed.

       phishing_uri_noparam ( 0 | 1 ) (default: 0)
           If  this  option  is set uri parameters will not be take into consideration when parsing the phishing
           uris datafeed.  If this option  is  enabled  and  the  url  without  parameters  is  "generic"  (like
           https://www.kisa.link/url_redirector.php?url=...) the url will be skipped.

perl v5.40.1                                       2025-06-26             Mail::SpamAssas...lugin::Phishing(3pm)