spamassassin-users mailing list archives

From "David F. Skoll" <...@roaringpenguin.com>
Subject Re: SA and Spear Phishing
Date Sat, 19 Mar 2011 01:20:53 GMT
> So when it comes to spear phish, in my view, a big question mark
> arises to indicate that its risk is simply "unknown" to mankind. This
> is unknown in the public domain as far as I know, which is why I
> posted this mail to see if any of you see any spear phish within the
> load of SPAM you detect.

Spear phishing is inherently hard to detect because it's carefully
crafted for a small set of victims.  We do see it among our customers.
Sometimes we stop it; sometimes it slips through.

Something that helps a little bit is the Anti-Phishing Email Reply
project at http://code.google.com/p/anti-phishing-email-reply/.  We use
and contribute to that list, but it's still reactive rather than
proactive.

We also try to mitigate post-phishing damage by rate-limiting outbound
mail.  If a phisher steals your credentials and uses them to start
spamming, our software will block your account if it exceeds the
admin-specified recipient-per-hour limit.  (It also notifies the admin.)

While this doesn't prevent phishing, it can reduce the damage in the
large class of cases in which credentials are stolen to be used for
spamming.  It also quickly alerts admins to compromised accounts.

Regards,

David.
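
The recipient-per-hour limit described in the message above, as an added example that is not part of the original post and is not the poster's software. The class name, the limit of 100, the sliding one-hour window, and the choice to keep an account blocked until an admin unblocks it are assumptions made for illustration.

```python
from collections import defaultdict, deque

class OutboundRateLimiter:
    """Per-account sliding-window cap on outbound recipients (hypothetical)."""

    def __init__(self, limit, notify, window=3600):
        self.limit = limit                  # admin-specified recipients per window
        self.window = window                # window length in seconds
        self.notify = notify                # callback(account, count) alerting the admin
        self.events = defaultdict(deque)    # account -> (timestamp, n_rcpts) entries
        self.totals = defaultdict(int)      # account -> recipients currently in window
        self.blocked = set()

    def allow(self, account, n_rcpts, now):
        """Return True if the message may be sent, False if it is rejected."""
        if account in self.blocked:
            return False                    # stays blocked until an admin unblocks
        q = self.events[account]
        # Drop entries that have aged out of the window.
        while q and q[0][0] <= now - self.window:
            self.totals[account] -= q.popleft()[1]
        # Count recipients, not messages: one mail to 500 addresses costs 500.
        if self.totals[account] + n_rcpts > self.limit:
            self.blocked.add(account)
            self.notify(account, self.totals[account] + n_rcpts)
            return False
        q.append((now, n_rcpts))
        self.totals[account] += n_rcpts
        return True

    def unblock(self, account):
        """Admin action, e.g. after the stolen password has been reset."""
        self.blocked.discard(account)
        self.events.pop(account, None)
        self.totals.pop(account, None)

def demo():
    """Constructed traffic: a normal user (alice) and a hijacked account (bob)."""
    alerts = []
    rl = OutboundRateLimiter(limit=100, notify=lambda a, n: alerts.append((a, n)))
    results = [
        rl.allow("alice", 3, now=0),      # ordinary mail
        rl.allow("bob", 60, now=10),      # spam run starts, still under the limit
        rl.allow("bob", 60, now=20),      # 120 > 100: account blocked, admin alerted
        rl.allow("bob", 1, now=30),       # rejected while blocked
        rl.allow("alice", 90, now=3500),  # 93 recipients in window
        rl.allow("alice", 10, now=3700),  # the first 3 have expired, so 100 is allowed
    ]
    return results, alerts
```
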
