On Fri, 24 Feb 2017 18:07:50 +0000 RW <rwmailli...@googlemail.com> wrote:
> > OK. Any FPs, though? That's the other half of the test. > No, but it's pretty unlikely there would be. Actually, it's very likely there will be a lot of FPs, but it's also very likely that any given user of the list won't see them. That's because when someone's email address gets compromised and then the system administrator clears it up, the only recipients to suffer false-positives are those with whom the sender would normally correspond. We have seen a few of these cases happen. > It seems like a lot of hassle for little benefit. The APER doesn't catch all that much, nor do the known-phishing URLs catch much, but every little bit helps. As a data point, one of our installations scanned 4 million messages yesterday. Of those, only 262 hit our known-phishing URL list (which uses APER and additional sources) and 155 hit APER's known-phishing email address list. But maybe those few hundred were really worth stopping because they prevented phishing attacks. Who knows? Regards, Dianne.
