Re: [spf-discuss] SPF, DKIM, and NIH
2009-10-19 05:16:54
--On 16 October 2009 14:27:28 -0700 David MacQuigg
<macquigg(_at_)ece(_dot_)arizona(_dot_)edu> wrote:
<http://www.scamnailer.info/> has a script that will update
spamassassin or clamav configurations with a list of about 14k
addresses that have been used for scamming. I think the S/A rules
generalises from those addresses a little.
I'm having a hard time believing this actually works. Of the spam
hitting your receiver, what percent is rejected by finding a *bad*
individual sender address on the scamnailer list?
I've seen successful spear phishing attacks that would have failed if we'd
implemented this check at the time. The proportion doesn't much matter.
It's the harm avoided that matters.
It just doesn't make sense that a spammer with an unlimited supply of
free unknown addresses would continue using a specific individual sender
address that is known worldwide as "bad". Why not just switch to the
next "unknown" name. Unknown is always better than definitely bad.
Phishers seem to spend quite a significant amount of effort obtaining
addresses with good reputation. For example, I've seen an exchange of
emails with a sceptical user, wondering why "we" were asking her for her
password when she'd seen our anti-phishing posters. The phisher said "yes,
I know, but in this case we really need it." After a few exchanges, she
gave up her password.
I've seen academic accounts used for spamming, for a period of several
weeks. Usually, such sites will stamp on abuse quite quickly, but not
always. It's well worth having an infrastructure that's capable of
punishing the account without harming the business relationship that relies
on. In fact, I'd welcome an infrastructure that could effectively turn off
one of my accounts without getting me out of bed - provided it was free of
false positives. I'd certainly prefer it to having my domain switched off.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/
[http://www.listbox.com/member/]
Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- Re: [spf-discuss] SPF, DKIM, and NIH, (continued)
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Stuart D. Gathman
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Sanford Whiteman
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] SPF, DKIM, and NIH,
Ian Eiloart <=
- Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg
- Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart
- Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Steven Dorst
- Re: Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Stuart D. Gathman
- RE: Spear Phishing (was: [spf-discuss] SPF, DKIM, and NIH), Steven Dorst
- [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Ian Eiloart
- Re: [spf-discuss] Tracking userids --was: SPF, DKIM, and NIH, Alessandro Vesely
|
Previous by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart |
Next by Date: |
Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart |
Previous by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, Ian Eiloart |
Next by Thread: |
Re: [spf-discuss] SPF, DKIM, and NIH, David MacQuigg |
Indexes: |
[Date]
[Thread]
[Top]
[All Lists] |
|
|