Re: [spf-discuss] SPF, DKIM, and NIH

--On 19 October 2009 07:01:57 -0700 David MacQuigg 
<macquigg(_at_)ece(_dot_)arizona(_dot_)edu> wrote:
> "Would have" is not enough.  Too many websites like this are selling
> snake oil.  Let us know when you have some actual experience using a
> product or service.
It's enough to me to know that the address was listed on the date that this 
particular phishing event occurred. That's not snake oil.
> Effectiveness (percent rejected) does matter.  Even if the product were
> free, the install and admin costs would need to be justified by more than
> one remarkable instance.  With spam and phishing, the game is numbers.
> Criminals get about one in 12 million "click through".  Good anti-spam
> services get well over 99% blocking.  A technique that blocks less than
> 1% is not worth considering.
The one thing that particularly concerns me at the moment is spear 
phishing; I investigate every report that I get, spending between 10 
minutes and an entire working day, depending on the severity. It impacts on 
the security of my site. Spear phishing is less than 1% of the unwanted 
mail that we see. Probably less than 0.01%, but it's the biggest problem 
that we have.
If we can reduce the number of spear phishing emails that we deliver even 
by just 50%, that's a real benefit for our site.
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/


-------------------------------------------
Sender Policy Framework: http://www.openspf.org [http://www.openspf.org]
Modify Your Subscription: http://www.listbox.com/member/ 
[http://www.listbox.com/member/]

Archives: https://www.listbox.com/member/archive/735/=now
RSS Feed: https://www.listbox.com/member/archive/rss/735/
Powered by Listbox: http://www.listbox.com