Anti-Phishing Update -- New data feed

Jason Ede J.Ede at
Mon Jun 15 19:31:23 IST 2009

> > Looking at the produced SA rule, using a "full" type of rule are
> > pretty slow + the size may make it "hoggy".
> >
> > As apparently the source provides a key for body/reply-to/etc, imo,
> it
> > may be worth it to try to apply this to the SA rules and create
> > optimized header and body rules.
> > otherwise, the data is real good.
> I need to apply the rules to the entire message body and headers, as
> they frequently put the email address just in the body of the message
> inside some link or other. So how would creating separate header and
> body rules be any better?
> I do at least sort the data alphabetically (pretty much) so that the
> regexp compiler in Perl can produce optimised FSMs that can knock out
> many of the regexps just by looking at the first character, without
> having to test any further.
> I also protect the regexp by designing it to minimise false positives,
> in that it must be preceded and followed by things that aren't part of
> an email address, which many of my competitors don't take the effort to
> do. There's nothing worse than a protection system which causes loads
> of
> false alarms.
> >
> > Alex
> >
> >
> Jules

Rulesets look really useful thanks :-)

The competitors are just plain struggling to keep up.


More information about the MailScanner mailing list