Anti-Phishing Update -- New data feed

Julian Field MailScanner at
Mon Jun 15 18:10:22 IST 2009

On 15/06/2009 17:05, Alex Broens wrote:
> On 6/15/2009 5:55 PM, Julian Field wrote:
>> On 15/06/2009 16:42, Alex Broens wrote:
>>> On 6/15/2009 5:18 PM, Julian Field wrote:
>>>> On 15/06/2009 15:47, Alex Broens wrote:
>>>>> On 6/15/2009 4:32 PM, Julian Field wrote:
>>>>>> On 15/06/2009 15:00, Jonas A. Larsen wrote:
>>>>>>>> -----Original Message-----
>>>>>>>> From: mailscanner-bounces at 
>>>>>>>> [mailto:mailscanner-
>>>>>>>> bounces at] On Behalf Of Julian Field
>>>>>>>> Sent: 15. juni 2009 13:01
>>>>>>>> To: MailScanner discussion
>>>>>>>> Subject: Anti-Phishing Update -- New data feed
>>>>>>>> I have gained a new reliable feed of email addresses known to 
>>>>>>>> be used
>>>>>>>> in
>>>>>>>> phishing attacks.
>>>>>>>> I have therefore updated my anti-spear-phishing scripts to 
>>>>>>>> catch any
>>>>>>>> mail mentioning these email addresses as well. I know quite a 
>>>>>>>> few of
>>>>>>>> you
>>>>>>>> have found this script to be useful.
>>>>>>>> You can see the new article and download the script at
>>>>>>>> Please do try it out and let me know what you think!
>>>>>>> Hi Julian.
>>>>>>> Currently testing version 2 of the script, I never got round to 
>>>>>>> testing the
>>>>>>> old one.
>>>>>>> I was just wondering, do this feed have anything to do with the 
>>>>>>> EMAILBL
>>>>>>> plugin/project announced on the SA list?
>>>>>> Can you send me a URL for it or something to look at please?
>>>>>> Until I've read that, I can't tell you whether it is related or 
>>>>>> not, they might be getting a data feed from the same place I do. 
>>>>>> But mine is commercially generated.
>>>>> Jules,
>>>>> EmailBL is an experimental list which is being run till July 1, as 
>>>>> a proof of concept and in its current form will be discontinued.
>>>>> The data is not from the same feed.
>>>>> atm, there's no need to invest time in this for MailScanner as 
>>>>> nobody knows if it will be continued under another name, who will 
>>>>> mirror it, etc, etc
>>>> Thanks for that info. My list of phishing email addresses has a 
>>>> very good future and will be supported for the forseeable future, 
>>>> as it produced by a very large commercial entity, whose 
>>>> internet-based services you have almost certainly used at some point.
>>> and what entity is this?
>> Sorry, that is covered by a very big NDA.
>>> the EmailBL targets only freemailer email addr, not only sender, but 
>>> also reply-to and in msg body and being it a RBL, deployment is very 
>>> fast, 1 min updates so there may be overlap or missed stuff, by one 
>>> or the other.
>> Mine targets the address appearing anywhere in the headers or body of 
>> the message. Or slight variations of the address as well.
>>> look nice...
>>> how often is it updated?
>> I currently update it about every 11 minutes. Though it doesn't 
>> change on every update if it doesn't need to, obviously.
> you mean this?
No, that's the first one I used, and still do use. But it's certainly 
not the new data feed. That one is freely available to anyone who wants 
it, there's no NDA or anything associated with it.


Julian Field MEng CITP CEng
Buy the MailScanner book at
Follow me at

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key:

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list