Anti-spear-phishing sa-update channel

Laskie, Norman NWL002 at
Sun Feb 1 20:54:40 GMT 2009

I am seeing a lot too; they are being tagged and denied based on another ruleset (500+ in the past couple days). For some reason I'm still not seeing any hits on this ruleset though :( We may have some getting blocked at the MTA level, but I would think by now there would be more hits on this ruleset based on the number of addresses blocked and the number passing through the MTA level.


From: mailscanner-bounces at [mailscanner-bounces at] On Behalf Of Julian Field [MailScanner at]
Sent: Sunday, February 01, 2009 1:26 PM
To: MailScanner discussion
Subject: Re: Anti-spear-phishing sa-update channel

On 30/1/09 16:32, Scott Silva wrote:
> on 1-30-2009 12:52 AM shuttlebox spake the following:
>> On Sun, Jan 11, 2009 at 10:41 PM, Matt<spamlists at>  wrote:
>>> All
>>> If anyone is interested I have published an sa-update channel which
>>> generates the same rules as Jules' script.
>>> The channel is
>> I started using it at a client site a week ago and have received four
>> (4) hits so far. :-)
>> What kind of results do others see?
> I haven't seen any hits and I added this when it came out weeks ago. I am
> probably killing all the junk it might have caught with blacklists at the MTA.
The biggest recipients of spear-phishing attacks appear to be academic
institutions. So if you aren't one of those, it's quite possible you
won't see any hits. I see a lot here.


Julian Field MEng CITP CEng
Buy the MailScanner book at

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key:
