-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Here is my custom spamass rule file to block Phishing emails. Please note that this is aggressive and you may want to lower scores. But I refuse to lower scores for my mail server :)

Murty's Phish Block: http://solar.murty.net/~murty/sa/Murty.phishblock.cf

Treats an email as phish if the following two conditions are met:

1. Body contains some keywords: bank, ebay, paypal, FDIC, NASD etc
2. Body contains insecure http:// URLs

If the above two conditions are met, we assign a total score ranging from 3.0 to 4.0 (As I said, you may change these for your setup to be less aggressive). So, if the email collects an additional score of 1 or 2 points from other spamassassin checks, then it is rejected. (I used milter-spamc/spamd for inline realtime rejection)

Work around: I recommend that you send a TID (Tinyurl ID) instead of insecure http:// URLs to bypass the above ruleset. For example, in your email, say: "Go to my TID aqgmq to discover secret of the universe" instead of saying: "Go to my http://x.y.z/jf/j ... universe". Then the email recipient will visit http://tinyurl.com/aqgmq because aqgmq is the TID. If you use Firefox, you can get Tinyurl creator plugin at TID 33t9h

Another Work around: Just don't email insecure URLs :) Send only https:// URLs in your insecure emails. I don't see any reason why Banks, Broker-Dealers, ebay, paypal, etc cannot use https:// links in all their email communications.

Real Solution: The real solution to phishing is to use PKI. Send secure emails using either S/MIME or PGP/GPG MIME formats. You can get free email certificates from CAcert (TID 8rqng) or several other companies such as Thawte, if you want to use S/MIME. Or just use PGP/GPG MIME which does not cost anything. (For those general masses that depend on Microsoft Outlook for email needs, I recommend S/MIME. You can also use GPG with Outlook using this nice free software at TID 5hbp5 on Windows; you don't need GPG for Windows separately, if you use this software program)

Although secure email (PGP, GPG, S/MIME) support is already available in so many email clients, the majority of people are still not using it. Companies are playing hide and seek.
I see ABSOLUTELY no reason why companies (especially ebay, paypal, banks, brokers) are not using S/MIME emails or GPG/MIME emails. If enough mail servers aggressively reject insecure emails from these companies, then we will see some changes. (I get the feeling that big companies like eBay outsourced their brains to those countries where there are a lot of phishermen)

I know I probably repeated a few things others already might know. Also, I have nothing against standard http links in favor of tinyurl service. It's just that I find insecure emails with insecure http links very vulnerable. I really think banks/brokers (ebay, paypal included) SHOULD use PKI for email needs and not use TIDs to replace URLs.

I hope this helps somebody,
Murty

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCtW4YTjCkEJGBE14RAm0DAKCdtmrtpiw2dLcXAv6dpY5i8HPQkgCeM7n3
0NLMfcURZ1EmxQHKbyXmwKA=
=sn3w
-----END PGP SIGNATURE-----
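
The two-condition check described in the post, as an added Python example (not the contents of Murty.phishblock.cf and not code from the post), run over constructed sample messages to show how the rule's score combines with the rest of the SpamAssassin total. Assumptions: the keyword list is only the five words the post names, PHISH_SCORE is one value picked from the post's 3.0 to 4.0 range, and REQUIRED_SCORE is SpamAssassin's default threshold of 5.0.

```python
import re

# Keywords named in the post; its "etc" means the real rule file lists more.
KEYWORDS = re.compile(r"\b(?:bank|ebay|paypal|fdic|nasd)\b", re.IGNORECASE)
# Plain-HTTP URLs only: "https://" must not match.
INSECURE_URL = re.compile(r"\bhttp://[^\s<>\"']+", re.IGNORECASE)

PHISH_SCORE = 3.5      # assumption: one value inside the post's 3.0-4.0 range
REQUIRED_SCORE = 5.0   # SpamAssassin's default required_score


def phish_score(body):
    """Score the body: both conditions from the post must hold."""
    has_keyword = KEYWORDS.search(body) is not None
    has_http = INSECURE_URL.search(body) is not None
    return PHISH_SCORE if (has_keyword and has_http) else 0.0


def verdict(body, other_score):
    """Add the score from all other checks and compare with the threshold."""
    total = phish_score(body) + other_score
    return "reject" if total >= REQUIRED_SCORE else "accept"


# Constructed sample messages: (body, score from other checks).
SAMPLES = [
    ("Your PayPal account is limited. Verify at "
     "http://paypal.example.invalid/login", 1.5),       # both conditions + 1.5
    ("Your PayPal account is limited. Verify at "
     "http://paypal.example.invalid/login", 0.5),       # rule alone is not enough
    ("Your PayPal statement is ready at "
     "https://paypal.example.invalid/statements", 1.5),  # https only
    ("Your bank statement is ready, go to my TID aqgmq", 1.5),  # TID, no URL
    ("Photos from the trip: http://photos.example.invalid/a", 1.5),  # no keyword
]


def run_samples():
    """Return the verdict for each constructed sample, in order."""
    return [verdict(body, other) for body, other in SAMPLES]


if __name__ == "__main__":
    for (body, other), result in zip(SAMPLES, run_samples()):
        print(f"{result:6}  phish={phish_score(body)}  other={other}  {body[:45]}")
```

Only the first sample reaches the threshold: the rule on its own never rejects, it needs the extra 1 to 2 points from other checks that the post mentions.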