Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2008/02/15 21:40:40 UTC

[Bug 5829] New: PhishTag - SpamAssassin plugin for redirecting links in incoming emails.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5829

           Summary: PhishTag - SpamAssassin plugin for redirecting links in
                    incoming emails.
           Product: Spamassassin
           Version: unspecified
          Platform: All
               URL: http://umut.topkara.org/PhishTag
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Plugins
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: umut@topkara.org


PhishTag enables administrators to rewrite links in emails that trigger certain
tests; preferably blacklist tests. The plugin will inhibit the blocking of a
portion of the emails that trigger the test by SpamAssassin, and let them pass
to the users' inbox after the rewrite. It is useful in providing training to
email users about company policies and general email usage.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

------- Additional Comments From umut@topkara.org  2008-02-18 21:18 -------
> hmm -- interesting.  so the idea is to use this for user training?
> Do you see this as something that admins want?  (I hadn't heard
> of the concept before.)

One of the uses will be training, but I think an equally important use is to
quantify the vulnerability of the users of an email service; a corporate IT
service can use it to estimate the impact of a targeted phishing attack on their
employees. Of course they would have to set up either a redirect web page or a
proxy to count the number of visits to the detour web page.

Otherwise, if it is used for training, the concept is commonly called "embedded
training". You can learn more about the related literature and research issues
from a recently published article by researchers at CMU on how to design such
training systems:
http://scholar.google.com/scholar?cluster=12192065727047269146
The idea is to show the users how they fall for the attacks through
first-hand experience, and then give the training material; instead of just
plainly bombarding them with didactic policy documents.

I would be very happy to improve the code/add new functionalities upon feedback.




------- Additional Comments From jm@jmason.org  2008-02-18 13:25 -------
(In reply to comment #1)
> Hi All,
> 
> I have written a plugin that can be used to divert some of the blocked emails
> back to the users' inboxes after rewriting the URLs inside them. The plugin can
> be used to train the users on company policies on email use as well as against
> phishing and other online fraud.
> 
> The plugin triggers probabilistically given a set of SpamAssassin tests flag
> positive. Preferably the emails should not have any scripts, as an adversary
> can use this to re-re-write the URL once the user opens the email.
> 
> Anyway, check the code, let me know what you think. All sorts of feedback is
> welcome.

hmm -- interesting.  so the idea is to use this for user training?
Do you see this as something that admins want?  (I hadn't heard
of the concept before.)



------- Additional Comments From umut@topkara.org  2008-02-15 12:46 -------
Hi All,

I have written a plugin that can be used to divert some of the blocked emails
back to the users' inboxes after rewriting the URLs inside them. The plugin can
be used to train the users on company policies on email use as well as against
phishing and other online fraud.

The plugin triggers probabilistically given a set of SpamAssassin tests flag
positive. Preferably the emails should not have any scripts, as an adversary
can use this to re-re-write the URL once the user opens the email.

Anyway, check the code, let me know what you think. All sorts of feedback is
welcome.

-umut
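
The behaviour described in this comment (probabilistic release of flagged mail, link rewriting to a detour page, and refusing mail that carries scripts) can be sketched as follows. This is an added Python illustration, not the PhishTag plugin's Perl code; the chosen trigger tests, the detour URL, the ratio and all function names are assumptions made for the example.

```python
import random
import re
from urllib.parse import quote

# Assumed policy values (hypothetical, not PhishTag's real configuration).
TRIGGER_TESTS = {"URIBL_BLACK", "URIBL_PH_SURBL"}   # blacklist tests chosen for the example
DETOUR = "https://training.example.org/detour?u="   # placeholder detour page
TRIGGER_RATIO = 0.1   # fraction of matching mails released for training

HREF_RE = re.compile(r'(<a\b[^>]*?\bhref\s*=\s*)(["\'])(.*?)\2', re.I | re.S)
# Active content could re-rewrite links after delivery, so such mail is never
# released. The pattern is deliberately broad: a false match only keeps a mail blocked.
ACTIVE_RE = re.compile(r'<\s*(script|iframe|object|embed)\b|\bon\w+\s*=|javascript:', re.I)


def should_tag(tests_hit, html, rng=random.random):
    """Decide whether a flagged message is released with rewritten links."""
    if not TRIGGER_TESTS & set(tests_hit):
        return False            # none of the configured tests fired
    if ACTIVE_RE.search(html):
        return False            # scripts present: keep blocking
    return rng() < TRIGGER_RATIO


def rewrite_links(html):
    """Point every anchor href at the detour page, keeping the original URL as a parameter."""
    def repl(m):
        return f"{m.group(1)}{m.group(2)}{DETOUR}{quote(m.group(3), safe='')}{m.group(2)}"
    return HREF_RE.sub(repl, html)


def process(tests_hit, html, rng=random.random):
    """Return (action, body): 'tag' with rewritten body, or 'block' with body untouched."""
    if should_tag(tests_hit, html, rng):
        return "tag", rewrite_links(html)
    return "block", html


# Constructed sample message bodies.
PLAIN = '<p>Verify: <a href="http://bad.example/login?id=1">your bank</a></p>'
SCRIPTED = PLAIN + '<script>document.links[0].href="http://bad.example/"</script>'
```

Passing a fixed `rng` makes the decision reproducible for testing; in the tagged body the original target survives only as an encoded query parameter for the detour page to log or display.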


