Anti-spear-phishing sa-update channel

Laskie, Norman NWL002 at shsu.edu
Sun Feb 1 20:54:40 GMT 2009


I am seeing a lot too they are being tagged and denied based on another ruleset (500+ in the past couple days).  For some reason I'm still not seeing any hits on this ruleset though :(   We may have some getting blocked at the MTA level, but I would think by now there would be more hits on this ruleset based on the number of addresses blocked and the number passing through the mta level.

Thanks,
Norman

________________________________________
From: mailscanner-bounces at lists.mailscanner.info [mailscanner-bounces at lists.mailscanner.info] On Behalf Of Julian Field [MailScanner at ecs.soton.ac.uk]
Sent: Sunday, February 01, 2009 1:26 PM
To: MailScanner discussion
Subject: Re: Anti-spear-phishing sa-update channel

On 30/1/09 16:32, Scott Silva wrote:
> on 1-30-2009 12:52 AM shuttlebox spake the following:
>
>> On Sun, Jan 11, 2009 at 10:41 PM, Matt<spamlists at coders.co.uk>  wrote:
>>
>>> All
>>>
>>> If anyone is interested I have published an sa-update channel which
>>> generates the same rules as Jules' script.
>>>
>>> The channel is
>>>
>>> spear.bastionmail.com
>>>
>> I started using it at a client site a week ago and have received four
>> (4) hits so far. :-)
>>
>> What kind of results do others see?
>>
>>
> I haven't seen any hits and I added this when it came out weeks ago. I am
> probably killing all the junk it might have caught with blacklists at the MTA.
>
The biggest recipients of spear-phishing attacks appear to be academic
institutions. So if you aren't one of those, it's quite possible you
won't see any hits. I see a lot here.

Jules

--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

--
MailScanner mailing list
mailscanner at lists.mailscanner.info
http://lists.mailscanner.info/mailman/listinfo/mailscanner

Before posting, read http://wiki.mailscanner.info/posting

Support MailScanner development - buy the book off the website!


More information about the MailScanner mailing list