Re: emailBL code

2009-05-04 Thread Mandy
On Fri, May 1, 2009 at 3:37 PM, Adam Katz wrote: > Can you determine how many of those were out-of-office messages?  Then > again, even at just two, if you can stop such compromises, it's worth > it (and then some). The replies I was talking about were, sadly, manually filtered to remove everythin

Re: emailBL code

2009-05-02 Thread Henrik K
On Fri, May 01, 2009 at 02:36:28PM -0500, Jesse Thompson wrote: > John Hardin wrote: >> On Fri, 1 May 2009, Adam Katz wrote: >> >>> The emailBL mechanism could easily be populated by a spamtrap, but the >>> danger from false positives (forged sender addresses) would be quite >>> real. > > On a rela

Re: emailBL code

2009-05-01 Thread Adam Katz
I forgot to also mention honeypots here. Create a few accounts whose sole purpose is finding these phishing attacks. They are email accounts which will appear to fall victim to the attack, sending their "password" which gains "access" to the company's web portal. Of course, all this "access" doe

Re: emailBL code

2009-05-01 Thread Adam Katz
Jesse Thompson wrote: > Possible values for TYPE: > E: The ADDRESS (usually in the From header) might receive replies > but it was not intended to receive the replies. Oh! That's a new one. Changes my code. My code now supports Z as requesting a hidden email address, A-J

Re: emailBL code

2009-05-01 Thread Adam Katz
Mandy wrote: > I work for a Canadian provincial government, on a system with about > 50,000 mailboxes. I scanned our outbound mail logs over the past 6 > months with this data. There were 31 replies to "Your webmail is > expired!! !" type messages in that period. > > If we had been blocking

Re: emailBL code

2009-05-01 Thread Mandy
On Fri, May 1, 2009 at 7:52 AM, Jesse Thompson wrote: > Yet Another Ninja wrote: >> >> I'm trying hard to convince myself this data is really useful. I work for a Canadian provincial government, on a system with about 50,000 mailboxes. I scanned our outbound mail logs over the past 6 months with

Re: emailBL code

2009-05-01 Thread Jesse Thompson
John Hardin wrote: On Fri, 1 May 2009, Adam Katz wrote: The emailBL mechanism could easily be populated by a spamtrap, but the danger from false positives (forged sender addresses) would be quite real. On a related note: you also need to worry about the phishers intentionally forging the Rep

Re: emailBL code

2009-05-01 Thread John Hardin
On Fri, 1 May 2009, Yet Another Ninja wrote: Only little drawback is how to centralize (or not) all this gold to make it useful to more than me and my dog. I (and I'm sure others) would be willing to feed phishing corpora from our quarantines, so long as it's easy to do. -- John Hardin KA7OH

Re: emailBL code

2009-05-01 Thread John Hardin
On Fri, 1 May 2009, Adam Katz wrote: The emailBL mechanism could easily be populated by a spamtrap, but the danger from false positives (forged sender addresses) would be quite real. How would the phisher collect the password info from their target using a forged sender address? Suggestion:

Re: emailBL code

2009-05-01 Thread Yet Another Ninja
On 5/1/2009 4:52 PM, Jesse Thompson wrote: Yet Another Ninja wrote: I'm trying hard to convince myself this data is really useful. the whole http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses file has 4518 entries, including vintage 2008 compared to the big_b

Re: emailBL code

2009-05-01 Thread Jesse Thompson
Yet Another Ninja wrote: I'm trying hard to convince myself this data is really useful. the whole http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses file has 4518 entries, including vintage 2008 compared to the big_boyz my trap feed is quite small and I collec

Re: emailBL code

2009-05-01 Thread Adam Katz
Yet Another Ninja wrote: >> I'm trying hard to convince myself this data is really useful. >> >> the whole >> http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses >> file has 4518 entries, including vintage 2008 >> >> compared to the big_boyz my trap feed is quite s

Re: emailBL code

2009-05-01 Thread Mike Cardwell
Yet Another Ninja wrote: This is not to suggest that I ever understood the part about using half-length MD5. No need. I'm using full-length hashes now, plus the SURBL/chmod style IP addresses. I must have lost the email I was composing on the topic, but it's fully propagated by now. I've at

Re: emailBL code

2009-05-01 Thread Yet Another Ninja
On 5/1/2009 3:56 PM, Adam Katz wrote: Jeff Moss wrote: This is not to suggest that I ever understood the part about using half-length MD5. No need. I'm using full-length hashes now, plus the SURBL/chmod style IP addresses. I must have lost the email I was composing on the topic, but it's ful