[Mimedefang] Blocking phishing

Todd Aiken todd.aiken at ubishops.ca
Tue Jan 31 11:36:40 EST 2012 

-----Original Message-----

From: "David F. Skoll" <dfs at roaringpenguin.com>
Reply-To: "mimedefang at lists.roaringpenguin.com"
<mimedefang at lists.roaringpenguin.com>
Date: Mon, 30 Jan 2012 12:20:02 -0500
To: "mimedefang at lists.roaringpenguin.com"
<mimedefang at lists.roaringpenguin.com>
Subject: Re: [Mimedefang] Blocking phishing

>On Mon, 30 Jan 2012 09:55:51 -0500
>Todd Aiken <todd.aiken at ubishops.ca> wrote:
>
>> I'm just wondering if there are other people on this list that are
>> experiencing the same type of phishing, and what they are doing to
>> stop it?
>
>We use our commercial CanIt software (and ubishops.ca should use it
>too! :))
>
>Seriously, our CanIt software includes a few features to help reduce
>this:
>
>1) We make use of the Anti-Phishing Email Reply address list at
>http://code.google.com/p/anti-phishing-email-reply/
>
>If you block mail to *and* from addresses in that list and scan the
>body for known phishing URLs, you can catch some stuff.  The list is
>updated very frequently.  Also, I'm a committer so whenever we catch a
>phishing attempt, we update the list.
>
>2) We use outbound rate limiting so that if an account is phished,
>it gets blocked rather quickly.  Our software allows you to specify a
>limit on the number of RCPTs per hour for any given sender or client IP
>address.  If this rate is exceeded, the software 5xx's any attempt to send
>mail.  It also alerts the administrator.  (You can make exceptions for
>accounts that you know [sic] are secure and that legitimately send large
>volumes of email.)
>
>Neither feature is particularly hard to get working with MIMEDefang if
>you don't want to use CanIt.

Thanks very much David for your suggestions.  I've successfully
implemented checks to the Anti-Phishing Email Reply list based on some of
the example files I found in svn. I've also requested a subscription to
the mailing list so that I can submit anything that sneaks through to us.

You know, if you wouldn't be so nice to people and tell them how to fix
their problems for free, maybe more people would buy CanIt instead of
continuing to use MIMEDefang!  :-)  Seriously though, it's hard to justify
to upper management that we need to purchase a product when our current
free solution is working so well, especially with the tight budgets that
we have to work with.  I guarantee though, as long as I'm still the
sysadmin here responsible for email, if we did have the money to spend and
were looking for something better, CanIt would be at the top of the list.

Thanks again.


Todd A. Aiken
Systems Analyst & Administrator
ITS Department
BISHOP'S UNIVERSITY
2600 College Street
Sherbrooke, Quebec
CANADA   J1M 1Z7

More information about the MIMEDefang mailing list