Anti-spear-phishing, round 2
Mark Sapiro
mark at msapiro.net
Thu Jan 8 17:54:21 GMT 2009
Julian Field wrote:
>
>It also looks for numbers at the end of the username bit of the address,
>and assumes that these are numbers which the scammers may change; so if
>it finds them, it replaces them with a pattern that will match any
>number instead.
I don't know how significant this is, but in some cases this generates
duplicate regexps. For example, there are two addresses (spaces
inserted here so I don't trigger the rule) zenithbkloan03 @
comcast.net and
zenithbkloan05 @ comcast.net in the google list. This generates the
regexp (zenithbkloan\d+\@comcast\.net) twice in the generated rules.
Also, I've been running this for a few days, and other than testing,
I've gotten no hits on this rule. Just lucky I guess.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list