We get a lot of phishing spam, and we have to deliver it to our users. Most of it gets classified as spam and moved into the user’s “Junk Mail” folder. However, we’ve got a number of users that have been reporting these scams as “not spam” to us. It’s disturbing, because they don’t trust the spam filters now, and they’re probably clicking the links in the email. Could vendors add a feature to antivirus and spam detection systems (like Sophos’ PureMessage) where we could rewrite the beginning of the email to indicate a scam? Or maybe remove all the URLs from the email message? I see it as an extension of virus detection, only with a different rule set to trigger it.
I’d like that a lot.