Anti-spear-phishing, round 2
Mark Sapiro
mark at msapiro.net
Tue Jan 13 04:33:40 GMT 2009
On Mon, Jan 12, 2009 at 09:12:23AM -0500, Denis Beauchemin wrote:
>
> I got what really looks like a FP with one of the email addresses from
> your script... what would be the best way to correct this ? Write an SA
> rule with a negative score for that address ? Or is there some
> whitelisting mechanism built in ?
>
> Thanks!
>
> Denis
> PS: the address is jmcelhaney @ uchc . edu (without the spaces).
That address is in the list at
<http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses>
If it really is a FP, you could try to contact the project via
<http://code.google.com/p/anti-phishing-email-reply/> and see if it can
be removed.
Alternatively, you could add a line
next if /^jmcelhaney\@uchc\.edu$/;
in between the lines:
next unless /^.+\@.+\..+$/; # Only interested in email addresses.
push @addresses, $_; # This is for the report
in the script to skip that address. That's the "whitelisting" mechanism :)
--
Mark Sapiro mark at msapiro net The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the MailScanner
mailing list