You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2006/09/13 16:32:11 UTC

[Bug 5099] New: Include PIRT's phish feed in SA

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5099

           Summary: Include PIRT's phish feed in SA
           Product: Spamassassin
           Version: SVN Trunk (Latest Devel Version)
          Platform: All
               URL: http://www.castlecops.com/pirt
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Plugins
        AssignedTo: dev@spamassassin.apache.org
        ReportedBy: paul@computercops.biz


Greetings, I was hoping that SA would include our free phish feed to help
protect its users.  You can see who we currently feed to here:

www.castlecops.com/pirt

The feed can be distributed via email to a central SA or via an XML feed with
tags for phish URLs, IPs, ASNs, titles and status.

Having the feed in SA would be a huge benefit.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 5099] Include PIRT's phish feed in SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5099





------- Additional Comments From paul@computercops.biz  2006-09-13 16:21 -------
Thanks to both Theo and Justin.  Yes SURBL is currently taking our feed.  This
is a list of groups that currently do:

Alice's Registry, Anti-Phishing Working Group, Australian Computer Emergency
Response Team (AusCERT), Authentium, Blue Coat, Brand Dimensions, CERT /
Software Engineering Institute / Carnegie Mellon University, Compete, Co-Logic,
ContentKeeper Technologies, CyberDefender, Cyveillance, EveryDNS, Federal Bureau
of Investigation (FBI), Firetrust, For Critical Software Ltd, Fortinet, Forum of
Incident Response and Security Teams (FIRST), FraudWatch International,
IronPort, Infotex, Internet Crime Complaint Center (IC3), Internet Identity,
Intellectual Property Services, Korea Information Security Agency (KISA), Korea
Internet Security Center (KrCERT/CC), Laboratoire d'EXpertise en Securite
Informatique (LEXSI), Malware Block List, National Cyber- Forensics and Training
Alliance (NCFTA), Netcraft, NYSERNet, Okie Island Trading Company, OpenDNS, Rede
Nacional de Ensino e Pesquisa (RNP), SonicWALL, Sunbelt-Software, Support
Intelligence, SURBL, Symantec, Team Cymru, Thomas Jefferson National Accelerator
Facility (JLab), TrustDefender, United Online, United States Computer Emergency
Readiness Team (DHS US-CERT), Websense, Webwasher, XBlock



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 5099] Include PIRT's phish feed in SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5099


felicity@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




------- Additional Comments From felicity@apache.org  2006-09-13 15:42 -------
Hi,

Thanks for the ticket and information.  However, I don't think there's a way
that we can use the feed directly in SpamAssassin.  We don't provide any form of
blacklist for URIs, IPs, etc, either through configs, updates, or a DNS list. 
We do, however, access other people's lists (DNSBL/URIBL) who could likely
benefit from your information which would thereby benefit SpamAssassin users.

I would specifically recommend talking with the folks at SURBL
(http://www.surbl.org/) and URIBL (http://www.uribl.com/).  The SURBL phishing
list (PH), I think, could definitely use the info.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 5099] Include PIRT's phish feed in SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5099





------- Additional Comments From felicity@apache.org  2006-09-13 17:29 -------
(In reply to comment #3)
> Thanks to both Theo and Justin.  Yes SURBL is currently taking our feed.

ah cool, I looked at the list but didn't see them listed.  apparently I was
blind for a short time.  :)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 5099] Include PIRT's phish feed in SA

Posted by bu...@bugzilla.spamassassin.org.

http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5099





------- Additional Comments From jm@jmason.org  2006-09-13 15:58 -------
fwiw, Paul was in touch via private mail and I asked him to open an issue here.
Ideally, I think the best way to do it would be via a DNSBL of some sort; if
such a thing was available, then we could query it as we do for
SURBL/URIBL/spamhaus etc.  I don't have any concrete ideas of the nitty-gritty
details right now though... ;)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.