Micah Anderson wrote:

> I mean attempts to get my users to send their passwords, are these not
> called phishing?
> micah

Yes, it's phishing, but for thos you might want to make local rules to
catch things specific to your own web mail system and domain.

I find myself reluctant to publish all the patterns we check, in case
someone is watching, but taking your sample, these would match here:

/Dear .{0,12}(web ?mail|columbia\.edu)/i


/you must reply to this email/i

Reply-to =~ /\@live\.com/

The first of course is partly local to us. Another useful local rule
is to check for the uri of your own webmail.

Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology