You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Jeff Chan <je...@surbl.org> on 2004/11/10 08:43:18 UTC
Re: [SURBL-Discuss] Please test MailPolice Fraud list
On Monday, September 20, 2004, 3:20:52 PM, Jeff Chan wrote:
> Please test the MailPolice Fraud list as Bill described earlier
> (copied below). We would like to include this data in our
> PH anti-phishing list, but request your help in testing it
> first.
> We're particularly interested in any false positives.
> Jeff C.
> __
> This is a list that MailPolice hosts and I have been running it for a few
> hours and it has already flagged some phish and fraud e-mails. Here is some
> info about the list: http://rhs.mailpolice.com/#rhsfraud
> This is my configuration for SA 2.64 with the SpamCopURI plug-in:
> uri MP_URI_RBL
> eval:check_spamcop_uri_rbl('fraud.rhs.mailpolice.com','127.0.0.2')
> describe MP_URI_RBL URI's domain appears in MailPolice fraud list
> tflags MP_URI_RBL net
> score MP_URI_RBL 2.0
> And for SA 3.0 with the URIDNSBL plug-in:
> urirhsbl URIBL_MP fraud.rhs.mailpolice.com. A
> header URIBL_MP eval:check_uridnsbl('URIBL_MP')
> describe URIBL_MP URI's domain appears in MailPolice fraud list
> tflags URIBL_MP net
> score URIBL_MP 2.0
> Bill
Does anyone have any more testing of the fraud.rhs.mailpolice.com
data to share?
SpamAssassin corpus checkers, would you please test it for FPs?
Shall we add it to ph.surbl.org?
Jeff C.
--
"If it appears in hams, then don't list it."
Re: [SURBL-Discuss] Please test MailPolice Fraud list
Posted by Jeff Chan <je...@surbl.org>.
On Thursday, November 11, 2004, 7:49:51 PM, David Hooton wrote:
> On Tue, 9 Nov 2004 23:43:18 -0800, Jeff Chan <je...@surbl.org> wrote:
>>
>> Does anyone have any more testing of the fraud.rhs.mailpolice.com
>> data to share?
> It looks good to me so far.
>> Shall we add it to ph.surbl.org?
> I have no problem with it, it's yet another view of the internet which
> I believe is important.
> As a side note to everyone, please keep submitting your phish emails
> to postmaster @ corp.mailsecurity.net.au without your submissions we
> don't have new data :)
Thanks for your feedback David. Based on your feedback and
others, I went ahead and merged the fraud.rhs.mailpolice.com data
in with your mailsecurity.net.au phishing list into ph.surbl.org.
Overlap between these two lists was only 36 records, and combining
the lists has approximately doubled the size of the ph.surbl.org
to about 1000 records.
One thing you may want to look at is expiring the data,
especially IP addresses. Not sure what algorithm to
use, though age may be a possibility, or perhaps the
lack of recent reports for a given record.
Overlap between fraud.rhs.mailpolice.com and other
existing SURBLs, including ph.surbl.org is 89 records.
I'll go ahead and announce and document this change.
Jeff C.
--
"If it appears in hams, then don't list it."
Re: [SURBL-Discuss] Please test MailPolice Fraud list
Posted by David Hooton <da...@gmail.com>.
On Tue, 9 Nov 2004 23:43:18 -0800, Jeff Chan <je...@surbl.org> wrote:
>
> Does anyone have any more testing of the fraud.rhs.mailpolice.com
> data to share?
It looks good to me so far.
> Shall we add it to ph.surbl.org?
I have no problem with it, it's yet another view of the internet which
I believe is important.
As a side note to everyone, please keep submitting your phish emails
to postmaster @ corp.mailsecurity.net.au without your submissions we
don't have new data :)
--
Regards,
David Hooton