spamassassin-users mailing list archives

From David B Funk <dbf...@engineering.uiowa.edu>
Subject Re: Better phish detection
Date Mon, 12 Mar 2012 17:02:41 GMT
On Mon, 12 Mar 2012, Paul Russell wrote:

> On 3/10/2012 16:43, Ned Slider wrote:
>> 
>> This one is easy enough - if the latter is the only valid url that should 
>> ever appear in an email, create a meta rule that looks for a url containing 
>> bway.net (or even just bway or webmail or login etc), but isn't 
>> https://webmail.bway.net/.
>> 
>> Create meta rules for the common words you have identified. Link these with 
>> a rule such as __HAS_ANY_URI or some of your webmail based URI rules above.
>>
>> What other rules commonly hit - are they sent from freemail accounts? Do 
>> they hit any DNSBLs?
>
> It's not that simple. If it were, the problem would not have been ongoing for 
> at least 4 years.

Technically what Ned said is correct: "This one is easy enough".
Yes, THIS ONE (emphasis mine) is easy enough, but for some of us these
kinds of spear-phishing attacks are an ever-mutating problem and some
are damned clever.

Even the not too clever ones are problematic if they're good enough
to fool the victims (which sadly doesn't take too much).
We have to control it in the mail stream as we cannot control how
our clients read their mail.


-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
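
The check described in the quoted text (a URL that mentions bway but is not https://webmail.bway.net/), written in Python as an added example; it is not from the thread and is not SpamAssassin rule code. The `example.*` hosts and sample bodies are constructed, and limiting the token to `bway` is an assumption. Each URL is judged on its own, so a message that carries both the legitimate link and a lookalike is still flagged.

```python
import re
from urllib.parse import urlsplit

# The one URL the quoted message treats as valid in mail to these users.
LEGIT_SCHEME, LEGIT_HOST = "https", "webmail.bway.net"
# Assumption: only the "bway" token is checked here; broader words such as
# "webmail" or "login" would be separate, lower-weight checks.
BRAND = re.compile(r"bway", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)


def is_legit(url: str) -> bool:
    """True only for https://webmail.bway.net/... with no userinfo or odd port."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    return (parts.scheme.lower() == LEGIT_SCHEME
            and (parts.hostname or "") == LEGIT_HOST
            and parts.username is None and parts.password is None
            and port in (None, 443))


def suspicious_urls(body: str) -> list[str]:
    """URLs that mention the brand token but are not the legitimate URL."""
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:!?")  # drop sentence punctuation glued to the URL
        if BRAND.search(url) and not is_legit(url):
            hits.append(url)
    return hits


# Constructed sample message bodies (example.* hosts are placeholders).
SAMPLES = {
    "legit": "Log in at https://webmail.bway.net/ as usual.",
    "lookalike_host": "Verify at http://webmail.bway.net.example.org/login now",
    "brand_in_path": "Go to https://forms.example.com/bway/webmail today.",
    "userinfo": "Use https://webmail.bway.net@example.net/ to confirm",
    "mixed": "See https://webmail.bway.net/ or http://bway-net.example.com/x",
    "unrelated": "News at https://www.example.com/today",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:15} {suspicious_urls(body)}")
```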
