Anti-Phishing Update -- New data feed

Alex Broens ms-list at
Mon Jun 15 17:05:49 IST 2009

On 6/15/2009 5:55 PM, Julian Field wrote:
> On 15/06/2009 16:42, Alex Broens wrote:
>> On 6/15/2009 5:18 PM, Julian Field wrote:
>>> On 15/06/2009 15:47, Alex Broens wrote:
>>>> On 6/15/2009 4:32 PM, Julian Field wrote:
>>>>> On 15/06/2009 15:00, Jonas A. Larsen wrote:
>>>>>>> -----Original Message-----
>>>>>>> From: mailscanner-bounces at 
>>>>>>> [mailto:mailscanner-
>>>>>>> bounces at] On Behalf Of Julian Field
>>>>>>> Sent: 15. juni 2009 13:01
>>>>>>> To: MailScanner discussion
>>>>>>> Subject: Anti-Phishing Update -- New data feed
>>>>>>> I have gained a new reliable feed of email addresses known to be 
>>>>>>> used
>>>>>>> in
>>>>>>> phishing attacks.
>>>>>>> I have therefore updated my anti-spear-phishing scripts to catch any
>>>>>>> mail mentioning these email addresses as well. I know quite a few of
>>>>>>> you
>>>>>>> have found this script to be useful.
>>>>>>> You can see the new article and download the script at
>>>>>>> Please do try it out and let me know what you think!
>>>>>> Hi Julian.
>>>>>> Currently testing version 2 of the script, I never got round to 
>>>>>> testing the
>>>>>> old one.
>>>>>> I was just wondering, do this feed have anything to do with the 
>>>>>> EMAILBL
>>>>>> plugin/project announced on the SA list?
>>>>> Can you send me a URL for it or something to look at please?
>>>>> Until I've read that, I can't tell you whether it is related or 
>>>>> not, they might be getting a data feed from the same place I do. 
>>>>> But mine is commercially generated.
>>>> Jules,
>>>> EmailBL is an experimental list which is being run till July 1, as a 
>>>> proof of concept and in its current form will be discontinued.
>>>> The data is not from the same feed.
>>>> atm, there's no need to invest time in this for MailScanner as 
>>>> nobody knows if it will be continued under another name, who will 
>>>> mirror it, etc, etc
>>> Thanks for that info. My list of phishing email addresses has a very 
>>> good future and will be supported for the forseeable future, as it 
>>> produced by a very large commercial entity, whose internet-based 
>>> services you have almost certainly used at some point.
>> and what entity is this?
> Sorry, that is covered by a very big NDA.
>> the EmailBL targets only freemailer email addr, not only sender, but 
>> also reply-to and in msg body and being it a RBL, deployment is very 
>> fast, 1 min updates so there may be overlap or missed stuff, by one or 
>> the other.
> Mine targets the address appearing anywhere in the headers or body of 
> the message. Or slight variations of the address as well.
>> look nice...
>> how often is it updated?
> I currently update it about every 11 minutes. Though it doesn't change 
> on every update if it doesn't need to, obviously.

you mean this?

More information about the MailScanner mailing list