Anti-spear-phishing, round 2

Denis Beauchemin Denis.Beauchemin at USherbrooke.ca
Tue Jan 13 13:33:07 GMT 2009


Mark Sapiro a écrit :
> On Mon, Jan 12, 2009 at 09:12:23AM -0500, Denis Beauchemin wrote:
>   
>> I got what really looks like a FP with one of the email addresses from 
>> your script... what would be the best way to correct this ?  Write an SA 
>> rule with a negative score for that address ? Or is there some 
>> whitelisting mechanism built in ?
>>
>> Thanks!
>>
>> Denis
>> PS: the address is jmcelhaney @ uchc . edu (without the spaces).
>>     
>
>
> That address is in the list at
> <http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses>
>
> If it really is a FP, you could try to contact the project via
> <http://code.google.com/p/anti-phishing-email-reply/> and see if it can
> be removed.
>
> Alternatively, you could add a line
>
>   next if /^jmcelhaney\@uchc\.edu$/;
>
> in between the lines:
>
>   next unless /^.+\@.+\..+$/; # Only interested in email addresses.
>
>   push @addresses, $_; # This is for the report
>
> in the script to skip that address. That's the "whitelisting" mechanism :)
>
>   

Thanks Mark,

I implemented your "whitelisting" method and it is working fine!

Denis

-- 
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x62252 F: 819.821.8045




More information about the MailScanner mailing list