looking for suggestions to catch more phising attempts

Stephen Swaney steve at fsl.com
Mon Nov 8 20:18:03 GMT 2010


On Nov 8, 2010, at 3:33 PM, John Baker wrote:

> Hi all,
> 
> I'm trying to figure out what the easiest solution with the smallest footprint for this problem might be.
> 
> Along with a lot of other schools we've had a chronic problem with phishing attempts that pretend to be us and ask for usernames and passwords. Pretty much all of them come from compromised accounts at other colleges and the spammers keep the numbers low enough and slow enough to not register on phising lists like ScamNailer. We always seem to have at least one taker who's account gets compromised by spammers for every major phishing attempt of this type. We have mechanisms like rate limiting in place to keep the damage limited but I'd really rather keep the accounts from getting compromised in the first place.
> 
> What I need is something like the phishing feature in Mailscanner that looks for mismatches between claimed and actual addresses and warns that it might be phising but looks for things like password requests or pretending to be from "helpdesk" or "webmail" instead. I'd like to pick-out them out and warn users that it might be a phising attempt.
> 
> I think that either Mailscanner MCP or postfix header/body checks could do this but I'm concerned about the added system load and possible slowdowns that either may add.
> 
> Is their anything obvious I'm overlooking here like a way to do this in Mailscanner's non mcp configuration?
> 
> Thanks
> 
> -- 
> John Baker
> Network Systems Administrator
> Marlboro College
> Phone: 451-7551 Cell: 451-6748
> 
> -- 
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/mailman/listinfo/mailscanner
> 
> Before posting, read http://wiki.mailscanner.info/posting
> 
> Support MailScanner development - buy the book off the website! 


First. Do you publish SPF records to prevent scammers from forging the mail from address?


Thanks,

Steve
-- 
Steve Swaney
steve at fsl.com
202 595-7760 ext: 601
www.fsl.com
The most accurate and cost effective anti-spam solutions available



More information about the MailScanner mailing list