Anti-Phishing Update -- New data feed
Jason Ede
J.Ede at birchenallhowden.co.uk
Mon Jun 15 19:31:23 IST 2009
> > Looking at the produced SA rule, using a "full" type of rule are
> > pretty slow + the size may make it "hoggy".
> >
> > As apparently the source provides a key for body/reply-to/etc, imo,
> it
> > may be worth it to try to apply this to the SA rules and create
> > optimized header and body rules.
> > otherwise, the data is real good.
> I need to apply the rules to the entire message body and headers, as
> they frequently put the email address just in the body of the message
> inside some link or other. So how would creating separate header and
> body rules be any better?
>
> I do at least sort the data alphabetically (pretty much) so that the
> regexp compiler in Perl can produce optimised FSMs that can knock out
> many of the regexps just by looking at the first character, without
> having to test any further.
>
> I also protect the regexp by designing it to minimise false positives,
> in that it must be preceded and followed by things that aren't part of
> an email address, which many of my competitors don't take the effort to
> do. There's nothing worse than a protection system which causes loads
> of
> false alarms.
>
> >
> > Alex
> >
> >
>
> Jules
Rulesets look really useful thanks :-)
The competitors are just plain struggling to keep up.
Jason
More information about the MailScanner
mailing list