RE: SA and Spear Phishing

Fri, 18 Mar 2011 21:15:04 -0700 


----------------------------------------
> Date: Fri, 18 Mar 2011 20:42:25 -0700
> From: j...@earthlink.net
> To: users@spamassassin.apache.org
> Subject: Re: SA and Spear Phishing
>
> Now, I bet SpamAssassin could be run "twice", one with the standard setup
> and the second one with extremely trimmed down rules plus a batch of
> your own rules. If the first one hits the spam gets at least the normal
> spam handling. If the second one hits you frame the email with HTML
> arranged to put that kind of a full screen warning on display PLUS
> wrapping the message itself in a bright red border. The latter would
> be in case of javascript being turned off.
>
> Of course, a second spamassassin may be overkill. The alternative means
> learning other scripted tools like procmail or whatever you use in its
> place. And it may mean writing up a small perl filter to search for the
> evil words or phrases and build the warning around the message.
>
> This might even be a worthwhile tool for other people. If so, take this
> drop of silliness and run with it. It feels like there is some good in
> the idea.
>

Yeah, makes sense that bag of words can fight against a subset of spear phish.

I guess it all comes down to lack of proper evaluation, which makes this 
subject merely "unknown", rather than anything else.

when it comes to software, it is easier to predict its performance (even 
without running proper evaluations). but when it comes to humans, it's far more 
difficult to predict their behavior.

I think that "maybe", we find it easier to throw it on humans, and it turns out 
to work better, not because it is evaluated to be better, but because it is 
harder to disprove it due to the complex nature of humans abilities.


> Meanwhile your IP address lives in the headers so the direct path reveals
> more than maybe somebody wanting anonymity might desire. {o.o}
>
> Hamad, this is a group in which you can benefit strongly from candor,
> honesty, and openness. The more information the excellent minds here
> receive the better the help you can receive. (Trust me, that plays hob
> with my paranoia, too.)
>
> {^_^}

I know that.. not that coward (yet). heh.
                                          
























					Reply via email to