Steve Lake wrote: > I'm curious. How well does SA do with handling phishing spam and is > there stuff built into it to identify and nail these kind of emails? > I'm just curious because I heard that in just the past 5 months > Netcraft has logged over 5600 unique phishing sites on the net, so I > wanted to be sure any spam about those wouldn't get through. Any > info is welcome. :D
The "Spoof" rules on the rulesemporium.com site are able to identify many phish attempts. They use basic logic to check the From, URI, and Received headers to attempt simple validation based on what they should be. They are scored high, mostly because customers often whitelist those domains and these rules are created to over-ride any of those innocent whitelists. I noticed they haven't changed since 12-21-2004, that shows their stability. ** I am the author of those rules, get them here. http://www.rulesemporium.com/rules/70_sare_spoof.cf Frederic Tarasevicius Internet Information Services, Inc. http://www.i-is.com/ 810-794-4400
