Anti-spear-phishing, round 2

Mark Sapiro mark at msapiro.net
Thu Jan 8 17:54:21 GMT 2009


Julian Field wrote:
>
>It also looks for numbers at the end of the username bit of the address, 
>and assumes that these are numbers which the scammers may change; so if 
>it finds them, it replaces them with a pattern that will match any 
>number instead.


I don't know how significant this is, but in some cases this generates
duplicate regexps. For example, there are two addresses (spaces
inserted here so I don't trigger the rule) zenithbkloan03 @
comcast.net and
zenithbkloan05 @ comcast.net in the google list. This generates the
regexp (zenithbkloan\d+\@comcast\.net) twice in the generated rules.

Also, I've been running this for a few days, and other than testing,
I've gotten no hits on this rule. Just lucky I guess.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan



More information about the MailScanner mailing list