Esta página aún no está disponible en tu idioma.

Phishing Detection

Phishing Detection provides automated protection against malicious URLs by leveraging open-source threat intelligence.

It uses data from PhishTank (operated by Cisco Talos Intelligence Group) to identify and block known phishing attempts.

This feature helps secure your applications by:

Detecting phishing URLs in real-time.
Protecting form submissions and user-generated input.
Enhancing inbound email with the Email Spam Filter.

Resources

API Documentation

Feature Highlights

Continuously updated database of verified phishing URLs (≈50,000 entries).
Sub-millisecond lookup times for minimal performance impact.

Implementation Guide

Phishing Detection is integrated into the Classifier and Email Spam Filter to assist in identifying potential spam.

When a verified phishing URL is detected, the rule URL_PHISHING is triggered and the input is marked as spam.

To use phishing detection directly in your applications or services, call the POST /v1/phishing endpoint with the URL you want to check:

Request
Response

curl -X POST http://localhost:8080/v1/phishing \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer {API_KEY}" \
  -d '{
    "url": "https://example.com"
  }'

{
  "id": "123456",
  "info": "http://www.phishtank.com/phish_detail.php?phish_id=123456",
  "phishing": true,
  "submittedAt": 1758308530,
  "target": "Other",
  "time": 0.67
}

Configuration

Phishing detection is enabled by default with the following configuration:

Default values for ENV variables:

PHISHING_LIST_URL: https://data.phishtank.com/data/online-valid.csv
PHISHING_LIST_SCHEDULE: 0 */12 * * * (updates every 12 hours)

If you are a registered member of PhishTank.org, you can configure an authenticated URL with your app key as described in their documentation.

To disable loading of the phishing database, set the PHISHING_LIST_URL environment variable to an empty string.