On Fri, 1 May 2009, Adam Katz wrote:

> The emailBL mechanism could easily be populated by a spamtrap, but the
> danger from false positives (forged sender addresses) would be quite
> real.

How would the phisher collect the password info from their target using a forged sender address?

Suggestion: ignore the sender address if there is a Reply-To: header or if there is an email address in the body of the message. There might need to be some logic around detecting the contact address in the message body - there could be garbage addresses inserted to get the phishtrap to ignore the sender address...

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 Warning Labels we'd like to see #1: "If you are a stupid idiot while
 using this product you may hurt yourself. And it won't be our fault."
-----------------------------------------------------------------------
 7 days until the 64th anniversary of VE day
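
An added example, not part of the original post or of any SpamAssassin code: one way a spamtrap could apply the suggestion above when choosing which addresses to feed an emailBL. The function names, the two-address threshold for suspected decoy padding, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
MAX_BODY_ADDRS = 2  # assumption: more distinct body addresses than this may be decoys

def header_addrs(msg, name):
    return {a.lower() for _, a in getaddresses(msg.get_all(name, [])) if "@" in a}

def body_addrs(msg):
    found = set()
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
            found.update(a.lower() for a in ADDR_RE.findall(text))
    return found

def blocklist_candidates(raw_message):
    """Return (addresses to list, addresses held for manual review)."""
    msg = message_from_string(raw_message)
    sender = header_addrs(msg, "From")
    reply_to = header_addrs(msg, "Reply-To") - sender
    in_body = body_addrs(msg) - sender - reply_to
    if reply_to:
        # Replies go to Reply-To, so From may be forged: never list it.
        return reply_to, in_body
    if in_body and len(in_body) <= MAX_BODY_ADDRS:
        # The contact address is in the text; From is again ignored.
        return in_body, set()
    if in_body:
        # Many body addresses may be garbage meant to hide a real From.
        return set(), in_body | sender
    # No other reply channel: replies can only reach the From address.
    return sender, set()

# Constructed sample messages (reserved .example domains).
HDR = "From: IT Helpdesk <helpdesk@university.example>\nSubject: Mailbox upgrade\n"
WITH_REPLY_TO = HDR + "Reply-To: collect@mailbox.example\n\nReply with your password.\n"
WITH_BODY_ADDR = HDR + "\nSend your password to upgrade@mailbox.example today.\n"
PADDED = HDR + "\nContact a@x.example, b@x.example, c@x.example or d@x.example.\n"
FROM_ONLY = HDR + "\nReply to this message with your password.\n"

if __name__ == "__main__":
    for name in ("WITH_REPLY_TO", "WITH_BODY_ADDR", "PADDED", "FROM_ONLY"):
        print(name, blocklist_candidates(globals()[name]))
```

In the padded case nothing is listed automatically; every address, including the sender, goes to manual review so that inserted garbage neither hides the sender nor pollutes the list.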
