> Date: Fri, 18 Mar 2011 16:06:15 -0700
> From: j...@earthlink.net
> To: users@spamassassin.apache.org
> Subject: Re: SA and Spear Phishing
> And for well targeted spear phishing, he's still stuck because nothing
> distinguishes it from his normal mail flow other than "unknown sender"
> or DNS check failures. The human mind can be a better filter against
> such spam than any result of mass checks.
> Offhand I get an impression he is throwing around terms without quite
> understanding them.
>
> {^_^}

I highly appreciate your use of open/honest communication. Not to "pretend"
being the nice boy, nor to defend myself (I'm not offended by that), but merely
to define what Spear Phishing is, to make sure we are on the same page: Spear
phishing is a form of phishing attack that is tailored for specific
scenarios/targets based on specific conditions (off the top of my head, didn't
google -- honest o/~). E.g. if an attacker knows my boss's name and email
address, and that I'm in charge of certain deals, the attacker can do better
social engineering attacks knowing more information about me.

One of the challenges behind spear phishing is that there is no single
performance evaluation against it. And this includes user-training programmes
too. Why? I suspect that either spear phish works like magic so that users
don't even recognize it, or that people do not publish it to public domains as
it might include personally identifiable information.

So, it is not that software cannot detect spear, it is just that it is not
documented. The same applies to user/human training approaches. None of them
are documented or evaluated against "real" spear phish. We are always happily
finding enough bulk phish to evaluate/measure against, but none of that is
really spear.

So when it comes to spear phish, in my view, a big question mark arises to
indicate that its risk is simply "unknown" to mankind. This is unknown in the
public domain as far as I know, which is why I posted this mail to see if any
of you see any spear phish within the load of SPAM you detect.

I would be really grateful if anyone here tells me his observations on
spear phish. This is a cutting-edge problem, and this is not to compare SA
against other appliances (actually I'm quite stuck in deep love with SA :$ -- I
find it really hard to waste a single penny on a commercial anti-spam if I can
get this for free -- as in freedom!).