How to Proactivly protect against Phising attacks?

[jackadaniel at gmail.com (Jack Daniel)]

Vendor-neutral mail gateway suggestions-

Make sure you are running current versions of the firmware so that you
have all the latest features (7.305 is current for your Astaro)

Use the extra tools such as RBLS (conservative RBLS, not the one that
block indiscriminately), RDNS checks, greylisting, HELO validation,
SPF checks, BATV, etc. Don't rely on the spam ID system only.  If
these features cause problems, create exceptions or exclusions for the
problem senders, don't just disable the feature.

Jack


2008/12/18  <infolookup at gmail.com>:
> Thanks for all the response that I have gotten so far, the steps that we
> have taken are;
>
> 1. Contact our Gateway vendor for new ways on blocking spammers
>
> 2. Sent out emails to our community informing them to never send there
> personal information and forward us any suspects emails.
>
> 3. Also try to remove the emails before our users get to them when possible.
>
>
> I am mostly concern as to what other methods are everyone else using, also
> if anyone has Astaro how are you using it?
>
> Has anyone tried tracking down Spammers or a Botnet before in the hopes of
> monitoring what the are up to?
>
> Sent from my Verizon Wireless BlackBerry
>
> ________________________________
> From: "Jim Halfpenny"
> Date: Thu, 18 Dec 2008 14:11:05 +0000
> To: <infolookup at gmail.com>; PaulDotCom Security Weekly Mailing
> List<pauldotcom at mail.pauldotcom.com>
> Subject: Re: [Pauldotcom] How to Proactivly protect against Phising attacks?
> You can check out the headers of the email address. They could indicate
> where the emails originated from which may or may not be helpful. Check your
> mail relay to ensure that it's secure and does not accept mail originating
> from your domain from the internet. If you need to accept mail from your
> users from outside your network consider using SSL and authentication.
>
> You should give some consideration to the motive of these attacks. Are the
> passwords useful for anthing else other than email? Are the same passwords
> used for desktop logins, VPN, web applications etc.
>
> Regards,
> Jim
>
> 2008/12/18 <infolookup at gmail.com>
> > Hello All:
> >
> > We have been targeted a lot recently by what seem to be the same group of
> > spammers trying to get email credentials from our users.
> >
> > Each time the try to change the email format so it looks more like a
> > legitimate email from our IT department. Not to mention sending from
> > different email accounts each time.
> >
> > Any idea how we can go about trying to track down the origin of these
> > emails(mail server or actually host sending the emails), and notify the ISP
> > or someone?
> >
> > Or even proactivly block these Phising attacks. How do others deal with
> > this type of behaviors?
> >
> > Our setup --?Astaro Email Gateway, and Exchange 2003.
> >
> > All ideas are welcomed.
> > Sent from my Verizon Wireless BlackBerry
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://blog.uncommonsensesecurity.com
http://www.linkedin.com/in/jackadaniel