[Mimedefang] SNARE spam detection (Phishing list)

Henrik K hege at hege.li
Thu Jul 30 01:16:16 EDT 2009


On Wed, Jul 29, 2009 at 07:08:57PM -0700, - wrote:
> 
> --- On Wed, 7/29/09, David F. Skoll <dfs at roaringpenguin.com> wrote:
> 2009, 5:51 PM
> > John Nemeth wrote:
> > >      Something that would be nice here would be a DNSBL style list that
> > > sites could use for checking outgoing mail to prevent endusers from
> > > sending mail to phishers.
> > 
> > We've incorporated data from:
> > 
> > http://code.google.com/p/anti-phishing-email-reply/source/browse/trunk/phishing_reply_addresses
> > 
> > into our commercial products.  We don't make it avaiable via DNSBL,
> > but do make it downloadable by customers with updates several times a
> > day.  Hacking something like that into a MIMEDefang filter is quite
> > doable.
> 
> As it lists mailboxes, not domains, it doesn't scale to a DNSBL.  A better
> implementation may be as a sendmail text map file, called from custom
> header rulesets than to have it looked up under MD.  However, that would
> require a cron-job to check and update it on a regular basis (includign
> any needed reformatting), while MD could work with it from a remote host
> UDP or TCP connection.

EmailBL is already a proven concept. Nothing prevents using DNS for it.

http://www.nabble.com/EmailBL-plugin-released-tt23499058.html
http://www.nabble.com/forum/Search.jtp?query=emailbl&local=y&forum=191

That google list is somewhat useless, since it's only seldomly manually
updated. We had good success making a realtime list from spamtrap data.
Since it's just freemail emails, the scale is manageable and less FP/DoS
prone.

Just didn't have anyone currently to dedicate time and resources to make it
a well run a public service.




More information about the MIMEDefang mailing list