[Mimedefang] Blocking phishing
David F. Skoll
dfs at roaringpenguin.com
Mon Jan 30 12:20:02 EST 2012
On Mon, 30 Jan 2012 09:55:51 -0500
Todd Aiken <todd.aiken at ubishops.ca> wrote:
> I'm just wondering if there are other people on this list that are
> experiencing the same type of phishing, and what they are doing to
> stop it?
We use our commercial CanIt software (and ubishops.ca should use it
too! :))
Seriously, our CanIt software includes a few features to help reduce
this:
1) We make use of the Anti-Phishing Email Reply address list at
http://code.google.com/p/anti-phishing-email-reply/
If you block mail to *and* from addresses in that list and scan the
body for known phishing URLs, you can catch some stuff. The list is
updated very frequently. Also, I'm a committer so whenever we catch a
phishing attempt, we update the list.
2) We use outbound rate limiting so that if an account is phished,
it gets blocked rather quickly. Our software allows you to specify a
limit on the number of RCPTs per hour for any given sender or client IP
address. If this rate is exceeded, the software 5xx's any attempt to send
mail. It also alerts the administrator. (You can make exceptions for
accounts that you know [sic] are secure and that legitimately send large
volumes of email.)
Neither feature is particularly hard to get working with MIMEDefang if
you don't want to use CanIt.
Regards,
David.
More information about the MIMEDefang
mailing list