Feature Request: Phishing
Roger Jochem
roger at RUDNICK.COM.BR
Tue Jan 18 15:39:30 GMT 2005
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Website hostnames would work fine for me...
----- Original Message -----
From: "Julian Field" <MailScanner at ECS.SOTON.AC.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Tuesday, January 18, 2005 12:50 PM
Subject: Re: Feature Request: Phishing
> Would you need fancy things like regexp patterns and/or wildcards, or
> would simple website hostnames do? Website hostnames that I can look up
> in a hash will be *considerably* faster. Then the size of the list won't
> affect the time it takes to do a lookup. Checking everything like I do
> with a ruleset at the moment is very slow, especially if the list grew
> large.
>
> Do people want features or speed?
>
> Julian Field wrote:
>
> > You can already do this with a ruleset based on the sender's email
> > address. But the whitelist for this really needs to be URL-based, not
> > email address-based, agreed.
> >
> > I'll take a look into providing a whitelist for the URL's that are
> > checked in the phishing net. It would indeed come in very handy. I could
> > whitelist e-mail.egg.com!
> >
> > Pentland G. wrote:
> >
> >> Julian,
> >>
> >> I think a possible solution could be to include a "phishing whitelist",
> >> not quite sure how the concept would work yet as I'm thinking aloud a
> >> little.
> >>
> >> This would allow a disarm action to be used as I suspect if your users
> >> are broadly like mine, the complaints are likely to be from a small
> >> group of mailing list users and those mails could be whitelisted around
> >> the phishing code?
> >>
> >> Thoughts?
> >>
> >> Julian Field wrote:
> >>
> >>
> >>> I purposely didn't do that as there is an inevitable false alarm
> >>> rate. I don't even tag the Subject: line. Having a valid (false
> >>> positive) link removed would annoy my users very quickly!
> >>>
> >>> Roger Jochem wrote:
> >>>
> >>>
> >>>
> >>>> I'd would like to have a way of "disarming" phishing frauds from the
> >>>> e-mail instead of warning the user about it. Could it be done?
> >>>> Something like removing the <a href...> from the e-mail, disabling
> >>>> the fraud. Even warning my users, some of them open the link. Maybe
> >>>> because they're curious about it... Is it possible?
> >>>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
> ------------------------ MailScanner list ------------------------
> To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
> 'leave mailscanner' in the body of the email.
> Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
>
> Support MailScanner development - buy the book off the website!
------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list