Change default phishing net setting?

Julian Field MailScanner at ecs.soton.ac.uk
Fri Oct 12 09:14:17 IST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Quentin Campbell wrote:
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>> bounces at lists.mailscanner.info] On Behalf Of Julian Field
>> Sent: 11 October 2007 21:03
>> To: MailScanner discussion
>> Subject: Change default phishing net setting?
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I am considering changing the supplied default
>>    Use Stricter Phishing Net = yes
>> to "no".
>>
>> As a reminder, the biggest consequence of this is that links that take
>> you to host tracking.yourdomain.com while claiming to be taking you to
>> www.yourdomain.com would be allowed.
>>
>> Any thoughts?
>> What do most people set this to?
>>     
>
> We set this to "no" after initially trying "yes". Too many false positives and complaints.
>
> I think I understand the implications of using 'Use Stricter Phishing Net = no'. 
>
> Its effects would only be serious if 'yourdomain.com' was a _reputable_ sounding organisation owned or subverted by some foreign criminal enterprise, not vulnerable to the rule of law. But observe that 'yourdomain.com' could construct its phishing/scam e-mails so that they would not even be detected by MailScanner with 'Use Stricter Phishing Net = yes', since it has full control of its DNS entries.  
>
> If 'yourdomain.com' was a reputable business, vulnerable to the rule of law, who unknowingly allowed a part of its organisation to register and use 'trojan.yourdomain.com' in a phishing exercise (seems an unlikely possibility), then I would expect the problem to be quickly recognised and dealt with and affected individuals to have recourse through the courts where necessary.
>
> Is this assessment to naïve?
>   
It has happened to Google before now.

Jules

- -- 
Julian Field MEng CITP
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654



-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)
Comment: (pgp-secured)
Charset: ISO-8859-1

wj8DBQFHDyzaEfZZRxQVtlQRAnCIAKCSXkKhB1sBvd15+44Am3phFc9vCwCfVUq2
thMALr6nXe80FsXxTDyaA5U=
=4lka
-----END PGP SIGNATURE-----

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
For all your IT requirements visit www.transtec.co.uk



More information about the MailScanner mailing list