PaulDotCom mailing list archives

How to Proactively protect against Phishing attacks?


From: raffi at flossyourmind.com (Raffi Jamgotchian)
Date: Thu, 18 Dec 2008 20:28:11 -0500

Most of my clients have moved to outsourced spam filtering like
protectedmail (cheap) or postini. I did have one client that we used
Astaro's spam filtering on, and it was really good starting with
v7. Prior to that we had a lot of whitelisting to do.

As Jack knows, we had to turn off the smtp proxy due to complications  
related to our specific installation. I'm hoping to get it back on at  
some point...maybe a weekend that I feel like working ;-)

On Dec 18, 2008, at 4:01 PM, Jack Daniel wrote:

Vendor-neutral mail gateway suggestions-

Make sure you are running current versions of the firmware so that you
have all the latest features (7.305 is current for your Astaro)

Use the extra tools such as RBLs (conservative RBLs, not the ones that
block indiscriminately), RDNS checks, greylisting, HELO validation,
SPF checks, BATV, etc. Don't rely on the spam ID system only. If
these features cause problems, create exceptions or exclusions for the
problem senders, don't just disable the feature.

Jack


2008/12/18  <infolookup at gmail.com>:
Thanks for all the responses that I have gotten so far. The steps that we
have taken are:

1. Contact our gateway vendor for new ways of blocking spammers.

2. Sent out emails to our community informing them to never send their
personal information and to forward us any suspect emails.

3. Also try to remove the emails before our users get to them when possible.

I am mostly concerned as to what other methods everyone else is using. Also,
if anyone has Astaro, how are you using it?

Has anyone tried tracking down spammers or a botnet before in the hopes of
monitoring what they are up to?

Sent from my Verizon Wireless BlackBerry

________________________________
From: "Jim Halfpenny"
Date: Thu, 18 Dec 2008 14:11:05 +0000
To: <infolookup at gmail.com>; PaulDotCom Security Weekly Mailing List <pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] How to Proactively protect against Phishing attacks?

You can check out the headers of the email address. They could indicate
where the emails originated from, which may or may not be helpful. Check your
mail relay to ensure that it's secure and does not accept mail originating
from your domain from the internet. If you need to accept mail from your
users from outside your network, consider using SSL and authentication.

You should give some consideration to the motive of these attacks. Are the
passwords useful for anything else other than email? Are the same passwords
used for desktop logins, VPN, web applications, etc.?

Regards,
Jim

2008/12/18 <infolookup at gmail.com>

Hello All:

We have been targeted a lot recently by what seem to be the same group of
spammers trying to get email credentials from our users.

Each time they try to change the email format so it looks more like a
legitimate email from our IT department. Not to mention sending from
different email accounts each time.

Any idea how we can go about trying to track down the origin of these
emails (mail server or actual host sending the emails), and notify the ISP
or someone?

Or even proactively block these phishing attacks. How do others deal with
this type of behavior?

Our setup -- Astaro Email Gateway and Exchange 2003.

All ideas are welcomed.
Sent from my Verizon Wireless BlackBerry
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://blog.uncommonsensesecurity.com
http://www.linkedin.com/in/jackadaniel



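Added example, not part of the thread: a sketch of the two checks Jim suggests, reading the Received headers to find where a message entered your network and flagging mail that claims to be from your own domain but arrived from the internet. The domain example.edu, the 10.0.0.0/8 internal range, and the sample message are assumptions constructed for illustration.

```python
import email, ipaddress, re
from email.utils import parseaddr

OUR_DOMAIN = "example.edu"                             # assumption: your mail domain
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]   # assumption: your own relays

# Constructed sample message (not from the thread); IPs are documentation ranges.
SAMPLE = """\
Received: from exchange.example.edu (exchange.example.edu [10.1.1.20])
\tby mailbox.example.edu; Thu, 18 Dec 2008 09:00:05 -0500
Received: from gateway.example.edu (gateway.example.edu [10.1.1.5])
\tby exchange.example.edu; Thu, 18 Dec 2008 09:00:03 -0500
Received: from mail.sender.example (unknown [203.0.113.45])
\tby gateway.example.edu; Thu, 18 Dec 2008 09:00:01 -0500
From: "IT Helpdesk" <helpdesk@example.edu>
To: user@example.edu
Subject: Mailbox quota exceeded, confirm your password

Reply with your username and password.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def first_external_hop(msg):
    """Walk Received headers newest-first and return the first IP outside our
    networks. Only headers stamped by our own hosts are trustworthy; anything
    older than this hop was written by the sender's side and may be forged."""
    for hdr in msg.get_all("Received", []):
        for ip in IP_RE.findall(hdr):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:
                continue  # malformed address literal, ignore it
            if not any(addr in net for net in INTERNAL_NETS):
                return ip
    return None

def analyse(raw):
    msg = email.message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hop = first_external_hop(msg)
    # Our domain in From: plus an external entry point means a spoofed sender.
    spoofed = from_domain == OUR_DOMAIN and hop is not None
    return {"from_domain": from_domain, "external_hop": hop,
            "spoofed_internal": spoofed}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The external hop is the address to report to the owning ISP; the spoofed_internal flag is the condition the gateway should reject outright for unauthenticated inbound connections.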