Yet Another Ninja wrote: >> I'm trying hard to convince myself this data is really useful. >> >> the whole >> http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses >> file has 4518 entries, including vintage 2008 >> >> compared to the big_boyz my trap feed is quite small and I >> collected 1598 entries during the last 4 hrs
Well, this is different from traps ... though admittedly not by much. The fact that it's updated so frequently is a merit, and the reason dates are noted is so that you can adjust accordingly. The emailBL mechanism could easily be populated by a spamtrap, but the danger from false positives (forged sender addresses) would be quite real. Maybe only publish addresses that pass or fail SPF/DKIM/etc, so that domains without a way to verify authenticity are immune to it? >> does anybody have any hit metrics? Mike Cardwell responded: > The list was set up to satisfy a very specific group of users that > were being targetted by a very specific scam. Spear Phishing > against Higher Education institutions in the UK and USA. It was > originally discussed on a mailing list run by "nd.edu" which can > only be subscribed to by people who are in that particular sector. > For that particular group, the list has been useful. How useful it > is for people outside of that scenario, I don't know. This is why I set up the emailbl in the first place: to see what it does. We need an SA plugin next.
