Hello Bill,
Thank you so much for your views. I agree that your customers would not
like it if you share information. But Oliver suggested , I need only the
source IP addresses of the Spam and Ham emails , which can even be
anonymized in the last octet.
Will that still be a privacy concern?
On
On Tue, 28 Jun 2016 14:13:57 + David Jones wrote:
>If I search the Internet for the CEO/CIO/CTO/etc of a company
>and send and email from my domain but make the displayed name
>in the visible From: be that CEO/CIO/CTO/etc's full name that
>the recipient is used to seeing in the mail client, the
Shivram
> Though I have devised a mechanism to generate these blacklists, I am
> not
> finding a suitable evaluation metric. It would be great if somebody
> could
> give me a dataset of source IP addresses of emails received by your
> network
> which have been marked as HAM/SPAM by Spamassassi
On 28 Jun 2016, at 20:33, Shivram Krishnan wrote:
Hey Guys,
I am a researcher at the University of Southern California (
https://steel.isi.edu/ ), and I have been working on making
Blacklists
more effective by combining different sources of Blacklists, and
creating a
Blacklists specific for
Hey Guys,
I am a researcher at the University of Southern California (
https://steel.isi.edu/ ), and I have been working on making Blacklists
more effective by combining different sources of Blacklists, and creating a
Blacklists specific for a particular network.
Though I have devised a mechanis
David Jones wrote on 29/06/16 2:13 AM:
>> From: RW
>> That wont work in this example because nothing has actually been
>> spoofed.
>
> Exactly. If I search the Internet for the CEO/CIO/CTO/etc of a company
> and send and email from my domain but make the displayed name in
> the visible From: be
Le 28/06/2016 à 16:13, David Jones a écrit :
From: RW
That wont work in this example because nothing has actually been
spoofed.
...
All it takes is a compromised account on a trusted mail server (happens
all of the time) to provide a conduit for this type of phishing email. Very
easy to
>Am I missing something here:
Respectfully, you are.
>An email comes in from the CEO of the business - seemingly from the company,
>and has a Spam score of 7.5
I am talking about legit emails from trusted senders that won't
hit FREEMAIL_FORGED, RBLs, DBLs or any high scoring rules so
they are b
On Tue, 28 Jun 2016 16:10:12 +0200
Reindl Harald wrote:
> Am 28.06.2016 um 16:00 schrieb RW:
> > On Mon, 27 Jun 2016 22:15:30 +0200
> > Reindl Harald wrote:
> >
> >> Am 27.06.2016 um 21:27 schrieb Vincent Fox:
> >>> I saw a reference today in my MxToolbox report, to an RBL named
> >>> Protecte
Groach kirjoitti 28.6.2016 17:24:
> On 28/06/2016 16:13, David Jones wrote:
>
> David Jones wrote on 29/06/16 12:46 AM:
>
> No, technology can help. The IT department sets up the mail client
> that the CEO uses when out of the office so that it sends mail using
> the company mail server with SSL
On 28/06/2016 16:13, David Jones wrote:
David Jones wrote on 29/06/16 12:46 AM:
No, technology can help. The IT department sets up the mail client
that the CEO uses when out of the office so that it sends mail using
the company mail server with SSL/TLS and user authentication. Or it
uses the com
About the only way to combat these sorts of things is to have proper
financial processes in place. In other words, have checks to ensure
that no-one can initiate a wire transfer without a vendor invoice,
etc. Common sense stuff... but it's so easy to slip and you only have
to slip once. :(
Regar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Reindl Harald kirjoitti 28.6.2016 16:56:
> Am 28.06.2016 um 15:25 schrieb Jari Fredriksson:
>>> Almost all the phishes I've received in the last few years have done
>>> this - except that they have something like "paypal support" rather
>>> than an ind
>From: RW
>Sent: Tuesday, June 28, 2016 8:50 AM
>To: users@spamassassin.apache.org
>Subject: Re: Catching well directed spear phishing messages
>On Wed, 29 Jun 2016 01:30:55 +1200
>Sidney Markowitz wrote:
>> David Jones wrote on 29/06/16 12:46 AM:
>> > This is pure social engineering that ca
Am 28.06.2016 um 16:08 schrieb Jari Fredriksson:
Reindl Harald kirjoitti 28.6.2016 16:56:
Am 28.06.2016 um 15:25 schrieb Jari Fredriksson:
Almost all the phishes I've received in the last few years have done
this - except that they have something like "paypal support" rather
than an individua
Am 28.06.2016 um 16:00 schrieb RW:
On Mon, 27 Jun 2016 22:15:30 +0200
Reindl Harald wrote:
Am 27.06.2016 um 21:27 schrieb Vincent Fox:
I saw a reference today in my MxToolbox report, to an RBL named
Protected Sky which had like double the listing activity of
Spamhaus. Does anyone know anythin
On Wed, 29 Jun 2016 01:30:55 +1200
Sidney Markowitz wrote:
> David Jones wrote on 29/06/16 12:46 AM:
> > This is pure social engineering that can't be stopped by
> > technology. The AP dept has to have proper safeguards and out of
> > band validation (i.e. phone call to the "Recognized Name").
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Reindl Harald kirjoitti 28.6.2016 16:56:
> Am 28.06.2016 um 15:25 schrieb Jari Fredriksson:
>>> Almost all the phishes I've received in the last few years have done
>>> this - except that they have something like "paypal support" rather
>>> than an ind
On Mon, 27 Jun 2016 22:15:30 +0200
Reindl Harald wrote:
> Am 27.06.2016 um 21:27 schrieb Vincent Fox:
> > I saw a reference today in my MxToolbox report, to an RBL named
> > Protected Sky which had like double the listing activity of
> > Spamhaus. Does anyone know anything about this outfit?
>
Am 28.06.2016 um 15:25 schrieb Jari Fredriksson:
Almost all the phishes I've received in the last few years have done
this - except that they have something like "paypal support" rather
than an individual's name.
Ah, so true
you should look at that - enters my junk folder even with a
white
Am 28.06.2016 um 15:30 schrieb Sidney Markowitz:
You are right that social engineering can't be stopped by technology. The
company should have procedures in place that provide the flexibility that CEO
seems to need but will still prevent the fraud even in the face of successful
social engineeri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
RW kirjoitti 28.6.2016 16:10:
> On Tue, 28 Jun 2016 15:52:10 +0300
> Jari Fredriksson wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA1
>>
>> David Jones kirjoitti 28.6.2016 15:46:
>
>> > One of my customers has been hit by at least one o
David Jones wrote on 29/06/16 12:46 AM:
> This is pure social engineering that can't be stopped by technology. The AP
> dept has to have proper safeguards and out of band validation (i.e. phone
> call to the "Recognized Name").
No, technology can help. The IT department sets up the mail client th
On Tue, 28 Jun 2016 15:52:10 +0300
Jari Fredriksson wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> David Jones kirjoitti 28.6.2016 15:46:
> > One of my customers has been hit by at least one of these emails
> > even with good RBLs in use and properly trained Bayes. The emails
> >
Am 28.06.2016 um 14:52 schrieb Jari Fredriksson:
I just refuse the believe that the technology has to trust to the
From:.*xxx in the smtp payload and not reject this at once. Does the
customer use some dmarc-implementation in their mail chain at all?
well, when none of your users are supposed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
David Jones kirjoitti 28.6.2016 15:46:
>> From: Sidney Markowitz
>> Sent: Tuesday, June 28, 2016 3:15 AM
>> To: Ram; users@spamassassin.apache.org
>> Subject: Re: Catching well directed spear phishing messages
>
>> Ram wrote on 28/06/16 7:19 PM:
>>>
>From: Sidney Markowitz
>Sent: Tuesday, June 28, 2016 3:15 AM
>To: Ram; users@spamassassin.apache.org
>Subject: Re: Catching well directed spear phishing messages
>Ram wrote on 28/06/16 7:19 PM:
>>
>>
>> On Tuesday 28 June 2016 12:03 PM, Raymond Dijkxhoorn wrote:
>>> Hai!
>>>
>>> I dont und
Ram wrote on 28/06/16 7:19 PM:
>
>
> On Tuesday 28 June 2016 12:03 PM, Raymond Dijkxhoorn wrote:
>> Hai!
>>
>> I dont understand why they would match your spf record either. Are they
>> sended out by a IP adres you 'approved' ??
> SPF does not fail , because they use a different envelope address
On Tuesday 28 June 2016 12:03 PM, Raymond Dijkxhoorn wrote:
Hai!
I dont understand why they would match your spf record either. Are they sended
out by a IP adres you 'approved' ??
SPF does not fail , because they use a different envelope address..
which may pass SPF
The end recipient does n
29 matches
Mail list logo