Full Disclosure mailing list archives
Re: simple phishing fix
From: Peter Besenbruch <prb () lava net>
Date: Tue, 29 Jul 2008 08:04:04 -1000
On Monday 28 July 2008 20:55:10 Stian Øvrevåge wrote:
You mention phising, but I think quite a few points from the why-your-spam-solution-wont-work-list are relevant: "(x) Mailing lists and other legitimate email uses would be affected
If we stick with the narrowly focused problem of bank phishing spam, I doubt mailing lists would be affected. Yes, stuart, the original poster, spoke of "deny all" tactics, but he certainly wasn't implementing anything like that in practice. At least, I couldn't see it.
(x) It will stop spam for two weeks and then we'll be stuck with it
Yes, you would need to add a new filter from time to time. This would work on your own e-mail account, but I would see problems generalizing to more people.
(x) Users of email will not put up with it
On the other hand, it sounded like the original poster wanted to share lists, so that anyone who wanted to could tweak theirs. People sharing such lists would "put up with it."
(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
I get my share of phishing spam, and most involve about a dozen domains, or less. These domains have remained relatively stable over the last two years. Paypal still dominates. So yes, a list of the common banking sites might reduce the annoyance factor.
(x) Whitelists suck"
They do indeed.
http://craphound.com/spamsolutions.txt 1. Your filter will never be complete, there are too many banks/institutions (with ever-changing domains etc).
See above.
2. Banks/institutions actually sends legitimate mail.
Yes, but I would not do business with a bank that did. Phishing spam has eliminated e-mail as a viable means of communication between banks and their customers. My bank doesn't know my e-mail address, and I don't bank on-line (but that's a whole other kettle of fish).
3. Phishers will find ways to get around the filters, either by registering similar domain-names or by numerous browser/MTA tricks. 4. Users likely to fall for a phish is not very likely to even know what a filter is.
What we are talking about here is the sharing of filter material on a small list of people who can spot a phish from a mile off. Full Disclosure isn't big enough to change the habits of spammers. That said, I haven't made use of any filters specifically to weed out phishing spam. I use Kmail and Bogofilter, and they have caught almost every phishing spam I have received in the last year. Such spam was one of the firsts things that the Bayesian based Bogofilter learned to flag reliably. Bogofilter flags a far greater variety of spam reliably than flagging domains in the "from" field could ever hope to accomplish. -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- simple phishing fix lsi (Jul 27)
- Re: simple phishing fix trejrco (Jul 27)
- Re: simple phishing fix lsi (Jul 28)
- Re: simple phishing fix Nick FitzGerald (Jul 29)
- Re: simple phishing fix Raj Mathur (Jul 30)
- <Possible follow-ups>
- Re: simple phishing fix Biz Marqee (Jul 27)
- Re: simple phishing fix lsi (Jul 28)
- Re: simple phishing fix Biz Marqee (Jul 28)
- Re: simple phishing fix lsi (Jul 28)
- Re: simple phishing fix Stian Øvrevåge (Jul 29)
- Re: simple phishing fix Peter Besenbruch (Jul 29)
- Re: simple phishing fix lsi (Jul 30)
- Re: simple phishing fix Nick FitzGerald (Jul 30)
- Re: simple phishing fix Peter Besenbruch (Jul 30)
- Re: simple phishing fix lsi (Jul 28)
- Re: simple phishing fix Robert Holgstad (Jul 30)
- Re: simple phishing fix blah (Jul 30)
- Re: simple phishing fix Exibar (Jul 30)
- Re: simple phishing fix Dragos Ruiu (Jul 30)
- Re: simple phishing fix Exibar (Jul 30)
- Re: simple phishing fix Dragos Ruiu (Jul 30)
- Re: [inbox] Re: simple phishing fix Exibar (Jul 30)