Re: Phishing rules?
Randy <email@example.com> writes:
> Micah Anderson wrote:[color=green]
>> Sadly, I do not have an example I can share at the moment, as I
>> typically delete them in a rage after training my bayes filter on
>> them. However, I am looking for any suggestions of other things I can
>> turn on... in particular, are there rules that people have created that
>> look for certain keywords where the body is asking for your
>> account/password information?
> Report these and maybe they will add something that catches them. If
> one wanted to, they can get any mail the want through your filters if
> they are good and don't use things that trigger the rules.[/color]
Report them where exactly?
Here is an example one I received recently, note the hideously low bayes
score on this one, caused it to autolearn as ham even, grr.
From [email]firstname.lastname@example.org[/email] Fri Oct 31 20:00:45 2008
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on spamd2.riseup.net
X-Spam-Status: No, score=-3.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW
Received: from mx1.riseup.net (unknown [10.8.0.3])
by cormorant.riseup.net (Postfix) with ESMTP id 58BFA19581F7
for <email@example.com>; Fri, 31 Oct 2008 20:00:40 -0700 (PDT)
Received: from master.debian.org (master.debian.org [22.214.171.124])
by mx1.riseup.net (Postfix) with ESMTP id AA4465701D1
for <firstname.lastname@example.org>; Fri, 31 Oct 2008 20:00:39 -0700 (PDT)
Received: from cat.cybersurf.net ([126.96.36.199] helo=cat.cia.com)
by master.debian.org with esmtp (Exim 4.63)
for [email]email@example.com[/email]; Sat, 01 Nov 2008 03:00:38 +0000
Received: from reef.cybersurf.com ([188.8.131.52])
by cat.cia.com with esmtp (Exim 4.50)
id 1Kw6iz-0002Li-Pg; Fri, 31 Oct 2008 21:00:29 -0600
Received: from apache by reef.cybersurf.com with local (Exim 4.44)
id 1Kw6j0-0006W5-UJ; Fri, 31 Oct 2008 20:00:30 -0700
Received: from 196-207-0-227.netcomng.com (196-207-0-227.netcomng.com [184.108.40.206])
by webmail.3web.com (IMP) with HTTP
for <firstname.lastname@example.org>; Sat, 1 Nov 2008 14:00:30 +1100
Date: Sat, 1 Nov 2008 14:00:30 +1100
From: WEBMAIL Help Desk <email@example.com>
Subject: WEBMAIL Help Desk
Content-Type: text/plain; charset=ISO-8859-1
User-Agent: Internet Messaging Program (IMP) 3.2.1
X-Virus-Scanned: ClamAV 0.94/8552/Fri Oct 31 18:14:36 2008 on mx1.riseup.net
Dear Webmail User,
This message was sent automatically by a program on Webmail which
periodically checks the size of inboxes, where new messages are
The program is run weekly to ensure no one's inbox grows too large. If
your inbox becomes too large, you will be unable to receive new email.
Just before this message was sent, you had 18 Megabytes (MB) or more of
messages stored in your inbox on your Webmail. To help us re-set your
SPACE on our database prior to maintain your INBOX, you must reply to
this e-mail and enter your
Current User name ( )
and Password( ).
You will continue to receive this warning message periodically if your
inbox size continues to be between 18 and 20 MB. If your inbox size
grows to 20 MB, then a program on Bates Webmai
will move your oldest email to a
folder in your home directory to ensure that you will continue to be
able to receive incoming email. You will be notified by email that this
has taken place. If your inbox grows to 25 MB, you will be unable to
receive new email as it will be returned to the sender.
After you read a message, it is best to REPLY and SAVE it to another
Thank you for your cooperation.
WEBMAIL Help Desk
3webXS HiSpeed Dial-up...surf up to 5x faster than regular dial-up alone...
just $14.90/mo...visit [url]www.get3web.com[/url] for details