On 12/04, David F. Skoll wrote: > http://sourceforge.net/projects/aper/ > > Their phishing_links file did have the URL you reported in it:
But did it contain that url at the time he received the email? That seems to be a very important question with these things. > So all some kind soul needs to do is write a SpamAssassin plugin that > gets the link list from the project and looks for URLs in message bodies > (or even just the Google formkey values which are pretty likely to be > unique.) Or a script, similar to their https://aper.svn.sourceforge.net/svnroot/aper/addresses2spamassassin.pl which grabs https://aper.svn.sourceforge.net/svnroot/aper/phishing_links and converts it to SA rules. Since something (other than an SA plugin) is going to need to download the file anyway, might as well convert it to rules in the process. Shouldn't be too hard, right? Maybe use \Q\E to avoid needing to escape everything? > Oh, somewhat off-topic but in case anyone with clout at Google is > reading this: More than a year ago, I recommended to Google that all > of their user-created forms should display this text: > > "This is a user-created form hosted at Google. Do not enter sensitive > information such as credit card numbers or passwords. If you are asked > to enter such information, please report this form as abusive." > > but Google never got back to me. It seems to me they're complicit in > helping phishers... You think people who will enter sensitive information into a random web form will even read that warning? Or be prevented from entering that information even if they do read it? Also, it seems like it would be pretty obnoxious for people who constantly use that stuff legitimately (which I don't). On 12/04, Eric Krona wrote: > -0.5 BAYES_05 BODY: Bayes spam probability is 1 to 5% Is your bayes data poisoned? ( http://wiki.apache.org/spamassassin/ImproveAccuracy ) -- "I don't want to die... just yet... not while there's... women." - J. Matthew Root, 8/23/02 (http://www.jmrart.com/) http://www.ChaosReigns.com
