Anti-spear-phishing, round 2

Mark Sapiro mark at msapiro.net
Tue Jan 13 04:33:40 GMT 2009


On Mon, Jan 12, 2009 at 09:12:23AM -0500, Denis Beauchemin wrote:
> 
> I got what really looks like a FP with one of the email addresses from 
> your script... what would be the best way to correct this ?  Write an SA 
> rule with a negative score for that address ? Or is there some 
> whitelisting mechanism built in ?
> 
> Thanks!
> 
> Denis
> PS: the address is jmcelhaney @ uchc . edu (without the spaces).


That address is in the list at
<http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses>

If it really is a FP, you could try to contact the project via
<http://code.google.com/p/anti-phishing-email-reply/> and see if it can
be removed.

Alternatively, you could add a line

  next if /^jmcelhaney\@uchc\.edu$/;

in between the lines:

  next unless /^.+\@.+\..+$/; # Only interested in email addresses.

  push @addresses, $_; # This is for the report

in the script to skip that address. That's the "whitelisting" mechanism :)

-- 
Mark Sapiro mark at msapiro net       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


More information about the MailScanner mailing list