Feature Request: Phishing

[Julian Field]

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

John Wilcock wrote:

> Julian Field wrote:
>
>> Would you need fancy things like regexp patterns and/or wildcards, or
>> would simple website hostnames do? Website hostnames that I can look up
>> in a hash will be *considerably* faster. Then the size of the list won't
>> affect the time it takes to do a lookup. Checking everything like I do
>> with a ruleset at the moment is very slow, especially if the list grew
>> large.
>
>
> I can't see a need for regexes. Simple wildcards (*.domain.com) would be
> more convenient but by no means essential, at least judging by the
> sample of phishing mail we get here.

Wildcards would be no better than allowing full regexps. It would need
to be full hostnames of the website concerned. Is that okay?

> Or how about a wacky idea - an option to look the hostname up in a
> DNS-based whitelist, SURBL-style. For particularly large whitelists I
> expect the performance from a local rbldnsd server ought to be good
> enough.

Eek! Sounds like a good idea, but I think very very few people would
actually use it.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!