I did some Googling today and found this: http://www.phishtank.com/stats/2008/07/ Apparently, in July of this year, phishtank.com verified more phishing scams targeting PayPal than the rest of the top 10 targets combined. That pretty impressive, although I must take it with a grain of salt because I don't know anything about phishtank.com or how they collect their stats.
Anecdotally, I personally see a lot of PayPal scam emails and SpamAssassin seems to catch all of them. However, most of my users are not technically literate, nor are they sufficiently skeptical when it comes to official-looking messages. Given the seriousness of falling victim to a phishing scam, I would love to block those messages entirely. If DKIM could stop them once and for all, it would be worth the effort. Here's another way to think about it: spamdyke already does pretty much everything _I_ need it to do. At this point, I continue working on it because it's a hobby and I enjoy it. So even though I have a prioritized TODO list, I'm willing to reshuffle it if even one person expresses a need/desire for something. That's why I'm working on recipient validation now -- it's not something I really need for myself but everyone was asking for it so... If there's a feature you'd rather see in spamdyke before DKIM, now's the time to speak up. :) -- Sam Clippinger Arthur Girardi wrote: > Hi. > > >> I disagree about waiting for a certain (or uncertain) percentage of servers >> in a survey before implementing it though. This isn't a feature about >> convenience or annoyance, it's a feature that will probably have a big >> positive impact on some peoples lives. I think the fact that PayPal and eBay >> have already implemented it (months ago) is a strong indicator of its >> importance. I'd like to know which other major banking institutions have >> implemented it, but I don't. I expect that Chase and BofA will be doing so >> as soon as they can though (based on the phishing emails I've seen). >> >> Perhaps we can agree to disagree on this one. And like I said, I could be >> wrong (again). ;) >> > > Maybe I expressed myself incorrectly. Sure 15-20% is a wild guess of > mine, who serves a not so critical slice of the market, and I try to > keep things stable, avoiding adding too many tools that I don't > consider essential. > > Surely big companies which work with any kind of eletronic commerce or > online payment systems, like the ones you quoted, or any company that > deals with money in a eletronic way, will always attemp to or > implement these edge security enhancements, and well justified. But > aside these cases, I hardly see a real purpose for the majority of > small business people to enter this bloody jungle, other than for > testing. > > In reality, I'm just ranting because I didn't see the major brazilian > banks which also suffer from lots of of pishing, implementing these > tools. Once they do (if the do), and depending on the speed they do, > and also on the result of their work, that will surely have an impact > on my business and consequentially on my decision of implementing it > for myself. > > But one thing is for sure, either way, I (with the viewpoint of small > business hosting provider) will refrain for now from implement > anything like that unless someone puts up a nice tool with lots of > log-spitting like what spamdyke does. :) > > Arthur > > > _______________________________________________ > spamdyke-users mailing list > spamdyke-users@spamdyke.org > http://www.spamdyke.org/mailman/listinfo/spamdyke-users > _______________________________________________ spamdyke-users mailing list spamdyke-users@spamdyke.org http://www.spamdyke.org/mailman/listinfo/spamdyke-users