Posted to users@spamassassin.apache.org by Steve Lake <st...@raiden.net> on 2005/05/03 04:18:04 UTC

Phishing filtering?

	I'm curious.  How well does SA do with handling phishing spam and is there 
stuff built into it to identify and nail these kind of emails?  I'm just 
curious because I heard that in just the past 5 months Netcraft has logged 
over 5600 unique phishing sites on the net, so I wanted to be sure any spam 
about those wouldn't get through.  Any info is welcome.  :D


Re: Phishing filtering?

Posted by Fred <sp...@freddyt.com>.
Steve Lake wrote:
> I'm curious.  How well does SA do with handling phishing spam and is
> there stuff built into it to identify and nail these kind of emails?
> I'm just curious because I heard that in just the past 5 months
> Netcraft has logged over 5600 unique phishing sites on the net, so I
> wanted to be sure any spam about those wouldn't get through.  Any
> info is welcome.  :D

The "Spoof" rules on the rulesemporium.com site are able to identify many
phish attempts.  They use basic logic to check the From, URI, and Received
headers to attempt simple validation based on what they should be.  They are
scored high, mostly because customers often whitelist those domains and
these rules are created to override any of those innocent whitelists.  I
noticed they haven't changed since 12-21-2004; that shows their stability.

** I am the author of those rules, get them here.
http://www.rulesemporium.com/rules/70_sare_spoof.cf

Frederic Tarasevicius
Internet Information Services, Inc.
http://www.i-is.com/
810-794-4400




Re: Phishing filtering?

Posted by Jo <ml...@winfix.IT>.
Jeff Chan wrote:

>On Monday, May 2, 2005, 7:18:04 PM, Steve Lake wrote:
>
>>I'm curious.  How well does SA do with handling phishing spam and is there 
>>stuff built into it to identify and nail these kind of emails?  I'm just 
>>curious because I heard that in just the past 5 months Netcraft has logged 
>>over 5600 unique phishing sites on the net, so I wanted to be sure any spam 
>>about those wouldn't get through.  Any info is welcome.  :D
>
>SURBL lists are supported in the default SA 3 configuration if
>network tests are enabled and a current Net::DNS is installed.
>The SURBL List ph.surbl.org contains 2000 current phishing sites
>from and MailSecurity and MailPolice:
>
>  http://www.surbl.org/lists.html#ph
>
>We are working with antiphishing.org to add their data also.
>
>(SURBLs allow you to block spams based on URIs they contain,
>such as phishing site.  More info at our site.)
>
>Cheers,
>
>Jeff C.

Over here the phishing attempts are being caught by Clamav, which is run 
first by Amavisd-new.

Jo

Re: Phishing filtering?

Posted by Jeff Chan <je...@surbl.org>.
On Monday, May 2, 2005, 7:18:04 PM, Steve Lake wrote:
>         I'm curious.  How well does SA do with handling phishing spam and is there 
> stuff built into it to identify and nail these kind of emails?  I'm just 
> curious because I heard that in just the past 5 months Netcraft has logged 
> over 5600 unique phishing sites on the net, so I wanted to be sure any spam 
> about those wouldn't get through.  Any info is welcome.  :D

SURBL lists are supported in the default SA 3 configuration if
network tests are enabled and a current Net::DNS is installed.
The SURBL List ph.surbl.org contains 2000 current phishing sites
from and MailSecurity and MailPolice:

  http://www.surbl.org/lists.html#ph

We are working with antiphishing.org to add their data also.

(SURBLs allow you to block spams based on URIs they contain,
such as phishing site.  More info at our site.)

Cheers,

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
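
The URI-based lookup described in the message above, sketched as an added example (not part of the thread, and not SpamAssassin's or SURBL's own code). The function names, the small `TWO_LEVEL` suffix table and the sample message are assumptions made for illustration; the resolver is injectable so the logic can be exercised without network access.

```python
import re
import socket
from urllib.parse import urlsplit

ZONE = "ph.surbl.org"  # the phishing list named in the message above
URI_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
# Assumption: a tiny constructed sample of two-level suffixes. A real
# deployment needs a complete list to find the registered domain.
TWO_LEVEL = {"co.uk", "com.au", "com.br"}

# Constructed sample body: one hostname URI and one URI that hides a
# numeric host behind a userinfo part.
SAMPLE = ("Your account is suspended. Verify at "
          "http://login.secure-update.example.com/verify or "
          "http://www.bank.example@192.0.2.45/signin today.")

def registered_domain(host):
    """Reduce a host to the name that is looked up in the list."""
    host = host.lower().rstrip(".")
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        # Numeric hosts are queried with their octets reversed.
        return ".".join(reversed(host.split(".")))
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL else 2
    return ".".join(labels[-keep:])

def query_names(body, zone=ZONE):
    """Return the sorted, de-duplicated DNS names to query for a body."""
    names = set()
    for uri in URI_RE.findall(body):
        host = urlsplit(uri).hostname  # drops any "user@" prefix and port
        if host:
            names.add(f"{registered_domain(host)}.{zone}")
    return sorted(names)

def dns_listed(name):
    """DNSBL convention: an answer in 127.0.0.0/8 means listed."""
    try:
        return socket.gethostbyname(name).startswith("127.")
    except OSError:  # NXDOMAIN, timeout, no network: treat as not listed
        return False

def listed_uris(body, is_listed=dns_listed):
    """Return the query names from the body that the list reports as hits."""
    return [name for name in query_names(body) if is_listed(name)]
```

Calling `listed_uris(SAMPLE)` performs live DNS queries; pass a stub as `is_listed` to test the extraction offline.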