[Mimedefang] SNARE spam detection (Phishing list)
Henrik K
hege at hege.li
Thu Jul 30 01:16:16 EDT 2009
On Wed, Jul 29, 2009 at 07:08:57PM -0700, - wrote:
>
> --- On Wed, 7/29/09, David F. Skoll <dfs at roaringpenguin.com> wrote:
> 2009, 5:51 PM
> > John Nemeth wrote:
> > > Something that would be nice here would be a DNSBL style list that
> > > sites could use for checking outgoing mail to prevent endusers from
> > > sending mail to phishers.
> >
> > We've incorporated data from:
> >
> > http://code.google.com/p/anti-phishing-email-reply/source/browse/trunk/phishing_reply_addresses
> >
> > into our commercial products. We don't make it available via DNSBL,
> > but do make it downloadable by customers with updates several times a
> > day. Hacking something like that into a MIMEDefang filter is quite
> > doable.
>
> As it lists mailboxes, not domains, it doesn't scale to a DNSBL. A better
> implementation may be as a sendmail text map file, called from custom
> header rulesets than to have it looked up under MD. However, that would
> require a cron-job to check and update it on a regular basis (including
> any needed reformatting), while MD could work with it from a remote host
> UDP or TCP connection.

EmailBL is already a proven concept. Nothing prevents using DNS for it.

http://www.nabble.com/EmailBL-plugin-released-tt23499058.html
http://www.nabble.com/forum/Search.jtp?query=emailbl&local=y&forum=191

That google list is somewhat useless, since it's only seldom manually
updated. We had good success making a realtime list from spamtrap data.
Since it's just freemail emails, the scale is manageable and less FP/DoS
prone.

Just didn't have anyone currently to dedicate time and resources to make it
a well-run public service.
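
The thread's point that mailbox addresses can be served over DNS, sketched as an added example that is not part of the original post and not the EmailBL plugin's code: each recipient of an outgoing message is normalized, hashed into a single DNS label, and looked up DNSBL-style. The SHA-1 scheme, the zone name `emailbl.example.invalid`, the `127.x` answer convention and the `resolve` callback are assumptions made for illustration.

```python
import hashlib
from email.utils import getaddresses

ZONE = "emailbl.example.invalid"  # hypothetical zone, not a real service


def normalize(addr):
    """Lowercase and trim so one mailbox always maps to one key."""
    local, sep, domain = addr.strip().lower().rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not a mailbox address: {addr!r}")
    return f"{local}@{domain}"


def query_name(addr, zone=ZONE):
    """Assumed scheme: SHA-1 hex of the normalized address as one label.

    A raw mailbox cannot be a DNS label ('@', odd characters, 63-byte
    limit); the 40-character digest always fits.
    """
    digest = hashlib.sha1(normalize(addr).encode("utf-8")).hexdigest()
    return f"{digest}.{zone}"


def listed_recipients(headers, resolve):
    """Return normalized recipients of an outgoing message that are listed.

    headers: list of (name, value) pairs.
    resolve: callable(name) -> list of A records, [] for NXDOMAIN.
    """
    values = [v for k, v in headers if k.lower() in ("to", "cc", "bcc")]
    hits = []
    for _, addr in getaddresses(values):
        try:
            name = query_name(addr)
        except ValueError:
            continue  # group syntax, empty or malformed entries
        if any(ip.startswith("127.") for ip in resolve(name)):
            hits.append(normalize(addr))
    return hits


# Constructed zone data standing in for DNS, so the example runs offline.
FAKE_ZONE = {query_name("winner.claims@freemail.example"): ["127.0.0.2"]}
SAMPLE_HEADERS = [  # constructed outgoing message headers
    ("From", "user@corp.example"),
    ("To", '"Claims Dept" <Winner.Claims@Freemail.Example>'),
    ("Cc", "colleague@corp.example"),
]

if __name__ == "__main__":
    print(listed_recipients(SAMPLE_HEADERS, lambda n: FAKE_ZONE.get(n, [])))
```

In a live filter, `resolve` would wrap a real DNS A-record query with a short timeout, and a lookup failure should let the message through rather than block it.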