On Thu, 17 Mar 2011, Hamad Ali wrote:
Hi folks -- wondering if anyone has monitored SA's performance against phishing mails. SA is able to detect 86% of phishing emails my clients get, with 0.5% false positives on all the ham. It seems non-phish-SPAM is easier to be detected than phish (~99% for non-phish spam).
I think phishing is going to be my next project.
Probably I need to participate on nightly checks to improve phish and lower false positives.
More masscheck participants are always welcome!
But all the above stuff is about bulk-phish, excluding spear phish. I haven't received any spear phishing complain from my clients, and yet none of the detected phish mails are spear phish -- which is alarming as it's too good to be true that no one did spear phishing yet (specially that it works far better than bulk-phish)!
Spear-phishing is probably going to be rather difficult to detect, I'm not sure even a well-trained Bayes would help.
-- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- Gun Control is nothing more than an attempt to return to feudalism, where the peasants are helpless and must humbly petition their lord and master to protect them from bandits and thieves (when they can get around to it), and where the lords and masters can abuse the peasants whenever they like without fear of effective resistance. ----------------------------------------------------------------------- 13 days until the M1911 is 100 years old - and still going strong!
