Anti-spear-phishing, round 2
Denis Beauchemin
Denis.Beauchemin at USherbrooke.ca
Tue Jan 13 13:33:07 GMT 2009
Mark Sapiro a écrit :
> On Mon, Jan 12, 2009 at 09:12:23AM -0500, Denis Beauchemin wrote:
>
>> I got what really looks like a FP with one of the email addresses from
>> your script... what would be the best way to correct this ? Write an SA
>> rule with a negative score for that address ? Or is there some
>> whitelisting mechanism built in ?
>>
>> Thanks!
>>
>> Denis
>> PS: the address is jmcelhaney @ uchc . edu (without the spaces).
>>
>
>
> That address is in the list at
> <http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses>
>
> If it really is a FP, you could try to contact the project via
> <http://code.google.com/p/anti-phishing-email-reply/> and see if it can
> be removed.
>
> Alternatively, you could add a line
>
> next if /^jmcelhaney\@uchc\.edu$/;
>
> in between the lines:
>
> next unless /^.+\@.+\..+$/; # Only interested in email addresses.
>
> push @addresses, $_; # This is for the report
>
> in the script to skip that address. That's the "whitelisting" mechanism :)
>
>
Thanks Mark,
I implemented your "whitelisting" method and it is working fine!
Denis
--
_
°v° Denis Beauchemin, analyste
/(_)\ Université de Sherbrooke, S.T.I.
^ ^ T: 819.821.8000x62252 F: 819.821.8045
More information about the MailScanner
mailing list