I have used SpamAssassin as one of my tools to fight phishing for a while.

Recently this idea, which involves SMTP verification and log monitoring,
emerged.
Monitoring the syslog for certain phishy tags such as EMAIL_URI_PHISH or
similar and connecting this to a trigger that extracts the sender's
email address is giving me a nice overview today.
But hooking this up to a script that inserts the sender into the Postfix
access list and requesting SMTP verification for those specific senders
should be working like a charm.

I can be quite aggressive in which tags I use since I do not classify it
as phishing or not, just requesting that the sender actually exists.
This will not stop emails sent from legitimate email servers, but botnets
and hacked web servers will have a hard time configuring/reimplementing
something that works with SMTP verification.

Has someone done something similar before?
Or is SMTP verification just a path that you don't want to walk down?
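A sketch of the log-to-access-list step described in the post, as an added example that is not the poster's script. The log line format (`from=<...> tests=...`) and the sample lines are constructed assumptions; `reject_unverified_sender` is Postfix's own restriction, used here as the access-table action.

```python
import re

# Rule names treated as "phishy"; EMAIL_URI_PHISH is the one named in the post.
PHISHY_TAGS = {"EMAIL_URI_PHISH"}

# Assumed (hypothetical) log format: "... from=<sender> tests=RULE1,RULE2".
# Adapt this pattern to what your own filter actually writes to syslog.
LINE_RE = re.compile(r"from=<([^>]*)> tests=(\S+)")

# The envelope sender is attacker-controlled, so only a strict address shape
# may reach the access table: no whitespace, no extra tokens, no empty sender.
ADDR_RE = re.compile(r"[a-z0-9._+-]+@[a-z0-9-]+(\.[a-z0-9-]+)+")

def senders_to_verify(log_lines, tags=PHISHY_TAGS):
    """Return the sorted, de-duplicated senders whose mail hit any of `tags`."""
    senders = set()
    for line in log_lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        sender = m.group(1).lower()
        tests = set(m.group(2).split(","))
        if tests & set(tags) and ADDR_RE.fullmatch(sender):
            senders.add(sender)
    return sorted(senders)

def access_map(senders):
    """Render Postfix access-table lines: '<address> <action>'."""
    return "".join(f"{s}\treject_unverified_sender\n" for s in senders)

# Constructed sample input, not real log output.
SAMPLE_LOG = [
    "Jan 12 10:01:02 mx1 filter[311]: from=<Billing@shop.example> tests=EMAIL_URI_PHISH,HTML_MESSAGE",
    "Jan 12 10:01:05 mx1 filter[311]: from=<news@list.example> tests=HTML_MESSAGE",
    "Jan 12 10:02:11 mx1 filter[311]: from=<> tests=EMAIL_URI_PHISH",
    "Jan 12 10:02:40 mx1 filter[311]: from=<x@bad.example OK> tests=EMAIL_URI_PHISH",
    "Jan 12 10:03:00 mx1 filter[311]: from=<billing@shop.example> tests=EMAIL_URI_PHISH",
]

if __name__ == "__main__":
    print(access_map(senders_to_verify(SAMPLE_LOG)), end="")
```

The output is meant for a table referenced by `check_sender_access` and compiled with `postmap`; the null sender and the malformed address in the sample are dropped rather than written to the table.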