Anti-Phishing Update -- New data feed
Alex Broens
ms-list at alexb.ch
Mon Jun 15 17:05:49 IST 2009
On 6/15/2009 5:55 PM, Julian Field wrote:
>
>
> On 15/06/2009 16:42, Alex Broens wrote:
>> On 6/15/2009 5:18 PM, Julian Field wrote:
>>>
>>>
>>> On 15/06/2009 15:47, Alex Broens wrote:
>>>> On 6/15/2009 4:32 PM, Julian Field wrote:
>>>>>
>>>>>
>>>>> On 15/06/2009 15:00, Jonas A. Larsen wrote:
>>>>>>
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-bounces at lists.mailscanner.info
>>>>>>> [mailto:mailscanner-
>>>>>>> bounces at lists.mailscanner.info] On Behalf Of Julian Field
>>>>>>> Sent: 15. juni 2009 13:01
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: Anti-Phishing Update -- New data feed
>>>>>>>
>>>>>>> I have gained a new reliable feed of email addresses known to be
>>>>>>> used
>>>>>>> in
>>>>>>> phishing attacks.
>>>>>>> I have therefore updated my anti-spear-phishing scripts to catch any
>>>>>>> mail mentioning these email addresses as well. I know quite a few of
>>>>>>> you
>>>>>>> have found this script to be useful.
>>>>>>>
>>>>>>> You can see the new article and download the script at
>>>>>>> http://www.jules.fm/Logbook/files/anti-phishing-v2.html
>>>>>>>
>>>>>>> Please do try it out and let me know what you think!
>>>>>>>
>>>>>> Hi Julian.
>>>>>>
>>>>>> Currently testing version 2 of the script, I never got round to
>>>>>> testing the
>>>>>> old one.
>>>>>>
>>>>>> I was just wondering, do this feed have anything to do with the
>>>>>> EMAILBL
>>>>>> plugin/project announced on the SA list?
>>>>> Can you send me a URL for it or something to look at please?
>>>>> Until I've read that, I can't tell you whether it is related or
>>>>> not, they might be getting a data feed from the same place I do.
>>>>> But mine is commercially generated.
>>>>
>>>> Jules,
>>>> EmailBL is an experimental list which is being run till July 1, as a
>>>> proof of concept and in its current form will be discontinued.
>>>>
>>>> The data is not from the same feed.
>>>>
>>>> atm, there's no need to invest time in this for MailScanner as
>>>> nobody knows if it will be continued under another name, who will
>>>> mirror it, etc, etc
>>> Thanks for that info. My list of phishing email addresses has a very
>>> good future and will be supported for the forseeable future, as it
>>> produced by a very large commercial entity, whose internet-based
>>> services you have almost certainly used at some point.
>>
>> and what entity is this?
> Sorry, that is covered by a very big NDA.
>>
>> the EmailBL targets only freemailer email addr, not only sender, but
>> also reply-to and in msg body and being it a RBL, deployment is very
>> fast, 1 min updates so there may be overlap or missed stuff, by one or
>> the other.
> Mine targets the address appearing anywhere in the headers or body of
> the message. Or slight variations of the address as well.
>> jkf.anti-spear-phishing.cf look nice...
>> how often is it updated?
> I currently update it about every 11 minutes. Though it doesn't change
> on every update if it doesn't need to, obviously.
you mean this?
http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses
More information about the MailScanner
mailing list