Anti-spear-phishing sa-update channel
Laskie, Norman
NWL002 at shsu.edu
Sun Feb 1 20:54:40 GMT 2009
I am seeing a lot too they are being tagged and denied based on another ruleset (500+ in the past couple days). For some reason I'm still not seeing any hits on this ruleset though :( We may have some getting blocked at the MTA level, but I would think by now there would be more hits on this ruleset based on the number of addresses blocked and the number passing through the mta level.
Thanks,
Norman
________________________________________
From: mailscanner-bounces at lists.mailscanner.info [mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian Field [MailScanner at ecs.soton.ac.uk]
Sent: Sunday, February 01, 2009 1:26 PM
To: MailScanner discussion
Subject: Re: Anti-spear-phishing sa-update channel
On 30/1/09 16:32, Scott Silva wrote:
> on 1-30-2009 12:52 AM shuttlebox spake the following:
>
>> On Sun, Jan 11, 2009 at 10:41 PM, Matt<spamlists at coders.co.uk> wrote:
>>
>>> All
>>>
>>> If anyone is interested I have published an sa-update channel which
>>> generates the same rules as Jules' script.
>>>
>>> The channel is
>>>
>>> spear.bastionmail.com
>>>
>> I started using it at a client site a week ago and have received four
>> (4) hits so far. :-)
>>
>> What kind of results do others see?
>>
>>
> I haven't seen any hits and I added this when it came out weeks ago. I am
> probably killing all the junk it might have caught with blacklists at the MTA.
>
The biggest recipients of spear-phishing attacks appear to be academic
institutions. So if you aren't one of those, it's quite possible you
won't see any hits. I see a lot here.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!
More information about the MailScanner
mailing list