On Sat, 1 Oct 2011, Benny Pedersen wrote:
> On Fri, 30 Sep 2011 14:44:23 -0500, Daniel McDonald wrote:
>
> > Someone ran a beta ADDRBL back in 2009. I still have the code and
> > run a
> > couple of private EmailBL lists.
>
> cool want to share lists ?
>
> i did test it, but gave up on maintaining it self
>
> much simplier to ask for dkim/spf pass and consider the rest as a phish
> :)
>
Unfortunately, you cannot count on dkim/spf pass as a good enough "phish"
filter. I've seen plenty of dkim/spf fails on valid mail and numerous
phishes that passed dkim/spf tests.
Our users are regularly targets of phish attacks. phishers love to
get student accounts at educational institutions (fat pipes, lots of
international traffic, often low oversight), so I've seen plenty
of phishes come from compromised user accounts at other schools.
phish attacks are an almost daily issue here, with all kinds of
variants, some of them quite well done. Even to the extent that they
were clearly reading service bulletins put out by the central IT
staff and crafting 'spear phishing' attacks to align with those
events. ;( (they had a hay-day when central went from Exchange-2007
to Exchange-2010; "You must revalidate your account on the new
mail server, send us your password...").
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
