Fraud and Phishing detection

[Julian Field]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



DAve wrote:
> Michele Neylon:: Blacknight.ie wrote:
>> DAve wrote:
>>> I have looked through the wiki and the website. I found
>>> http://www.mailscanner.info/support.html#phishing but nothing more.
>>>
>>> Can anyone tell the rules/logic used for detecting Fraud and Phishing
>>> attempts in a message? Or is this a read the source moment?
>>>
>>> Thanks,
>>>
>>> DAve
>> If you enable it and watch what it does to a phishing email it'll make
>> more sense :)
>>
> 
> I did, and I have. But I only get to see the page *after* MS has 
> disabled it.
> 
> I have clients asking "Why?". They are not complaining, just asking how 
> it works, they are glad we are disabling suspected fraud. I would like 
> to say what the system is looking for and provide a valid example in 
> before and after states.
> 
> The bottom line, it works, and works well. But I don't want to sound 
> stooopid because I can't explain how it works with confidence.

I have just updated www.phishingnet.info to contain a pretty accurate 
description of the latest version of the net, along with an explanation 
of how the "less strict" version of the net works.

I strongly recommend you take a look at it.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at MailScanner.biz

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
For all your IT requirements visit www.transtec.co.uk

-----BEGIN PGP SIGNATURE-----
Version: PGP SDK 3.7.0
Charset: ISO-8859-1

wj8DBQFE43kJEfZZRxQVtlQRAsMpAJ4mmnK6Y1q7u2ovkv7U6S8X9BgHugCg3QE1
/taL73WsRrcwWduGJz4Peeo=
=nCWh
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk