school targeted phishing getting past MailScanner and ScamNailer

--[ UxBoD ]-- uxbod at splatnix.net
Fri Oct 23 08:48:52 IST 2009


----- "Robert Lopez" <rlopezcnm at gmail.com> wrote:

| From what I see in the logs MailScanner and ScamNailer are stopping a
| LOT of email like these examples:
| 
| Found phishing fraud from
| http://email.eharmony.com/t/3245264/61666596/125002/0/ claiming to be
| www.eharmony.com in F1AB6660637.1911E
| Found phishing fraud from
| http://echo4.bluehornet.com/ct/5756277:6696375060:m:1:398960397:0FE61091879EEBBC9425626D5DFDF9C1
| claiming to be
| www.playforfreewith500%%bonuscoupon&quot;gwgma&quot;atwww.mightyslots.com
| in DB66D29B5.F13D9
| 
| I am not sure if those are phishing or not. They are at least probably
| spam.
| 
| Using :  grep "Found phishing fraud" maillog | grep -v "claiming to be"
| finds only 12 log entries whereas the "claiming to be" type are 20842
| since Monday morning.
| 
| What is not being stopped is the email that threatens to remove the
| target's email account unless they send account name, birth date,
| student id, password, etc. to an email address.
| 
| I am wondering if I should attempt to write SpamAssassin rules to stop
| that kind of phishing.  Everything I think of would stop _this_ email
| if I assigned weight to the critical words used in that type of email.
| 
| What other ways can MailScanner and ScamNailer be used to stop this
| kind of school targeted phishing which all too often is successful and
| leads to account compromises?
| 
You could try this from John Hardin on the SpamAssassin list :-

http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/20_fillform.cf?revision=828291&view=markup

It may require a few tweaks for your own setup.

-- 

SplatNIX IT Services :: Innovation through collaboration
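
One way to write local SpamAssassin rules for the kind of mail described in the question, as an added example that is not part of either message and is not taken from John Hardin's 20_fillform.cf. The rule names, patterns and score are assumptions to tune against your own mail; the patterns require second-person wording ("your password") and a co-occurring threat, so that a message which only discusses such phishing in the third person does not match.

```conf
# Added example: hypothetical local rules, not from 20_fillform.cf.
# Sub-rules whose names start with "__" carry no score of their own.

# Credential fields requested from the recipient in the second person.
body  __LOCAL_ASK_PASSWORD   /\byour\s+(?:e-?mail\s+)?pass\s?word\b/i
body  __LOCAL_ASK_USERNAME   /\byour\s+(?:user\s?name|account\s+name|login(?:\s+(?:id|name))?)\b/i
body  __LOCAL_ASK_BIRTHDATE  /\byour\s+(?:date\s+of\s+birth|birth\s?date)\b/i
body  __LOCAL_ASK_STUDENTID  /\byour\s+student\s+(?:id|number)\b/i

# Threat that the recipient's own account will be removed or closed.
body  __LOCAL_ACCT_THREAT    /\byour\s+(?:e-?mail\s+|web\s?mail\s+)?account\s+will\s+be\s+(?:removed|deleted|closed|deactivated|suspended)\b/i

# Fire only when the threat is present AND at least two different fields
# are requested; a single keyword on its own never scores.
meta      LOCAL_CRED_REQUEST  __LOCAL_ACCT_THREAT && ((__LOCAL_ASK_PASSWORD + __LOCAL_ASK_USERNAME + __LOCAL_ASK_BIRTHDATE + __LOCAL_ASK_STUDENTID) >= 2)
describe  LOCAL_CRED_REQUEST  Threatens account removal and asks for credentials by mail
# Constructed starting value; adjust after checking hits on known-good mail.
score     LOCAL_CRED_REQUEST  3.0
```

Run `spamassassin --lint` after adding the rules to confirm they parse before MailScanner picks them up.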


