List: spamassassin-devel
Subject: Re: Detecting Phishers is not working.
From: "Fred" <tech2 () i-is ! com>
Date: 2004-07-31 19:47:05
Message-ID: 000c01c47737$283adf30$0906010a () iis ! com
Loren Wilton wrote:
> SARE has some phishing rules for various things. I just sent a
> handful more out for test last night, but as it happens none of them
> were ebay specific, since I don't seem to get a lot of ebay phishing
> mails.
We have a set of rules for phishing but it's called spoof on our site (and
the ruleset name). These rules do include spoofs against ebay; this was my
first target when I created these rules.
http://www.rulesemporium.com/rules/70_sare_spoof.cf
# Try to identify EBAY spoofs by looking for elements which should always appear.
# If we have a From and an URL of one of these guys, we should also have a
# received line to match!
header __RCVD_EBAY Received =~ /(?:email)?[^\s@]ebay\.com/i
header __FROM_EBAY From =~ /\@(?:email)?ebay\.com/i
uri __URI_EBAY /ebay\.com/i
meta SARE_FORGED_EBAY (__FROM_EBAY && __URI_EBAY && !__RCVD_EBAY)
describe SARE_FORGED_EBAY Message appears to be forged, (ebay.com)
score SARE_FORGED_EBAY 102.0
The rule is not 100% effective but it works for the majority of these spams.
This set is targeting spoofs from: ebay, paypal, usbank, and citibank
Also looking for spoofed message IDs from aol, msn, hotmail, yahoo, excite
and others.
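
The meta rule quoted in the message above, evaluated over three sample messages. This is an added example, not part of the original post or of the SARE ruleset; the function name, the sample messages and the simplified URI extraction are assumptions made for illustration.

```python
import re
from email import message_from_string

# Python ports of the three sub-rule patterns quoted in the message.
RCVD_EBAY = re.compile(r"(?:email)?[^\s@]ebay\.com", re.I)
FROM_EBAY = re.compile(r"@(?:email)?ebay\.com", re.I)
URI_EBAY = re.compile(r"ebay\.com", re.I)
# Assumption: naive URI extraction; SpamAssassin's own URI parser is more thorough.
URI_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def sare_forged_ebay(raw):
    """Return (meta_hit, subrule_hits) for one raw, non-multipart message."""
    msg = message_from_string(raw)
    received = "\n".join(msg.get_all("Received", []))
    hits = {
        "__RCVD_EBAY": bool(RCVD_EBAY.search(received)),
        "__FROM_EBAY": bool(FROM_EBAY.search(msg.get("From", ""))),
        "__URI_EBAY": any(URI_EBAY.search(u) for u in URI_RE.findall(msg.get_payload())),
    }
    meta = hits["__FROM_EBAY"] and hits["__URI_EBAY"] and not hits["__RCVD_EBAY"]
    return meta, hits

# Constructed sample messages (hosts and addresses are made up for illustration).
FORGED = """\
Received: from mail.example.net (unknown [192.0.2.10]) by mx.example.org; Sat, 31 Jul 2004 12:00:00 -0700
From: "eBay Billing" <billing@ebay.com>
Subject: Account update

Please review your account at http://www.ebay.com/ today.
"""
GENUINE = """\
Received: from mx1.ebay.com (mx1.ebay.com [192.0.2.20]) by mx.example.org; Sat, 31 Jul 2004 12:05:00 -0700
From: eBay <member@ebay.com>
Subject: Your listing

View your listing at http://www.ebay.com/ for details.
"""
UNRELATED = """\
Received: from mail.example.net (mail.example.net [192.0.2.30]) by mx.example.org; Sat, 31 Jul 2004 12:10:00 -0700
From: A Friend <friend@example.net>
Subject: Look at this auction

I found it here: http://www.ebay.com/
"""

if __name__ == "__main__":
    for name, raw in (("forged", FORGED), ("genuine", GENUINE), ("unrelated", UNRELATED)):
        print(name, *sare_forged_ebay(raw))
```

Only the first message fires the meta rule: the second has a Received line matching ebay.com, and the third has no ebay.com From address.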