On Tue, Oct 24, 2017 at 2:49 PM, David Jones <djo...@ena.com> wrote: > On 10/24/2017 01:32 PM, Alex wrote: >> >> Hi all, I'm wondering if someone has some ideas to handle bank fraud >> phishing emails, and in particular this one: >> >> https://pastebin.com/wxFtKK16 >> >> It doesn't hit bayes99 because we haven't seen one before, and txrep >> subtracts points. It also doesn't hit any blacklists. >> >> Ideas for blocking these, and more general advice for blocking banking >> fraud/phish attacks would be appreciated. >> > > Zero-hour phishing emails from Office 365 are going to be tough to block. > About all you can do is add a blacklist_from *@mybenefitswallet.com entry > and report it to SpamCop and ph...@office365.microsoft.com.
For the most part, I agree, but the client here has also contracted with Wombat and they managed to detect this email as "Probably Phish". We're missing something with spamassassin.
