Unfortunately, most of the phishes are under many layers of the main domain. Google, Web of Trust (WOT) and many other virus scanner seem to find it, as was rightly pointed out SaneSecurity's signatures of Phishtank. So as far as phishes we are getting, so far it has not being proved to be very useful, even though some of them were in the wild for a while and Google and WOT caught up with them.
-----Original Message----- From: Reindl Harald [mailto:h.rei...@thelounge.net] Sent: 11 August 2015 13:07 To: users@spamassassin.apache.org Subject: Re: Phishtank and SpamAssassin Am 11.08.2015 um 14:02 schrieb Sujit Acharyya-choudhury: > The URIBL_PH_SURBL is actually not very useful. I have checked a real > phishing site with SURBL and it shows clean in SURBL - I think, SURBL only > looks at the part of the domain. every URIBL check only tests the main-domain of a link, that's how it works - you can't qualify something as "not very useful" because you checked a single site if you have a sensible RBL scoring in front of the contentscanner you won't see much hits because mailservers sending the phishing crap are instantly known and blocked > -----Original Message----- > From: RW [mailto:rwmailli...@googlemail.com] > Sent: 11 August 2015 12:57 > To: users@spamassassin.apache.org > Subject: Re: Phishtank and SpamAssassin > > On Tue, 11 Aug 2015 11:11:56 +0000 > Sujit Acharyya-choudhury wrote: > >> I have seen lot of Phishes submitted in Phishtank.com and yet there >> is no rule to check Phishtank.com. > > There is via URIBL_PH_SURBL. It doesn't score much though
smime.p7s
Description: S/MIME cryptographic signature
