Anti-Phishing Update -- New data feed

Julian Field MailScanner at ecs.soton.ac.uk
Mon Jun 15 16:55:40 IST 2009 


On 15/06/2009 16:42, Alex Broens wrote:
> On 6/15/2009 5:18 PM, Julian Field wrote:
>>
>>
>> On 15/06/2009 15:47, Alex Broens wrote:
>>> On 6/15/2009 4:32 PM, Julian Field wrote:
>>>>
>>>>
>>>> On 15/06/2009 15:00, Jonas A. Larsen wrote:
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: mailscanner-bounces at lists.mailscanner.info 
>>>>>> [mailto:mailscanner-
>>>>>> bounces at lists.mailscanner.info] On Behalf Of Julian Field
>>>>>> Sent: 15. juni 2009 13:01
>>>>>> To: MailScanner discussion
>>>>>> Subject: Anti-Phishing Update -- New data feed
>>>>>>
>>>>>> I have gained a new reliable feed of email addresses known to be 
>>>>>> used
>>>>>> in
>>>>>> phishing attacks.
>>>>>> I have therefore updated my anti-spear-phishing scripts to catch any
>>>>>> mail mentioning these email addresses as well. I know quite a few of
>>>>>> you
>>>>>> have found this script to be useful.
>>>>>>
>>>>>> You can see the new article and download the script at
>>>>>> http://www.jules.fm/Logbook/files/anti-phishing-v2.html
>>>>>>
>>>>>> Please do try it out and let me know what you think!
>>>>>>
>>>>> Hi Julian.
>>>>>
>>>>> Currently testing version 2 of the script, I never got round to 
>>>>> testing the
>>>>> old one.
>>>>>
>>>>> I was just wondering, do this feed have anything to do with the 
>>>>> EMAILBL
>>>>> plugin/project announced on the SA list?
>>>> Can you send me a URL for it or something to look at please?
>>>> Until I've read that, I can't tell you whether it is related or 
>>>> not, they might be getting a data feed from the same place I do. 
>>>> But mine is commercially generated.
>>>
>>> Jules,
>>> EmailBL is an experimental list which is being run till July 1, as a 
>>> proof of concept and in its current form will be discontinued.
>>>
>>> The data is not from the same feed.
>>>
>>> atm, there's no need to invest time in this for MailScanner as 
>>> nobody knows if it will be continued under another name, who will 
>>> mirror it, etc, etc
>> Thanks for that info. My list of phishing email addresses has a very 
>> good future and will be supported for the forseeable future, as it 
>> produced by a very large commercial entity, whose internet-based 
>> services you have almost certainly used at some point.
>
> and what entity is this?
Sorry, that is covered by a very big NDA.
>
> the EmailBL targets only freemailer email addr, not only sender, but 
> also reply-to and in msg body and being it a RBL, deployment is very 
> fast, 1 min updates so there may be overlap or missed stuff, by one or 
> the other.
Mine targets the address appearing anywhere in the headers or body of 
the message. Or slight variations of the address as well.
> jkf.anti-spear-phishing.cf look nice...
> how often is it updated?
I currently update it about every 11 minutes. Though it doesn't change 
on every update if it doesn't need to, obviously.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Follow me at twitter.com/JulesFM

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list