----------------------------------------
> Date: Fri, 18 Mar 2011 21:20:53 -0400
> From: d...@roaringpenguin.com
> To: users@spamassassin.apache.org
> Subject: Re: SA and Spear Phishing
>
> Spear phishing is inherently hard to detect because it's carefully
> crafted for a small set of victims. We do see it among our customers.
> Sometimes we stop it; sometimes it slips through.
Can I assume that your solution that detected a portion of the spear phish is
100% SA? In case not fully SA, any hints on its mechanics?
Any approximate numbers on percentages of detected spear phish vs. slipped
through ones?
> Something they helps a little bit is the Anti-Phishing Email Reply
> project at http://code.google.com/p/anti-phishing-email-reply/ We use
> and contribute to that list, but it's still reactive rather than
> proactive.
This looks promising (news to me). Thank you. Specially spear phishing"
often"attempts to spoof identities of known relatives of their targets.
> We also try to mitigate post-phishing damage by rate-limiting outbound
> mail. If a phisher steals your credentials and uses them to start
> spamming, our software will block your account if it exceeds the
> admin-specified recipient-per-hour limit. (It also notifies the admin.)
>
> While this doesn't prevent phishing, it can reduce the damage in the
> large class of cases in which credentials are stolen to be used for
> spamming. It also quickly alerts admins to compromised accounts.
I have read some rants against Hotmail and Yahoo! mails in this list, that they
don't rate-limit their abused addresses, which eventually made them bad
Internet citizens.
Thanks and regards for your awesome input!
-- H
