Some of the SpamAssassin Add-On rules (
http://www.rulesemporium.com/)
already do this.
Why re-invent the wheel?
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler@???
US Mail: 3535 Gaspar Drive, Dallas, TX 75220-3611 US
-----Original Message-----
From: exim-users-bounces@??? [
mailto:exim-users-bounces@exim.org] On
Behalf Of Marc Perkel
Sent: Sunday, June 19, 2005 3:52 PM
To: exim-users@???
Subject: [exim] Need help writing an anti-phishing trick
I have an idea of something that should work that I'd like to try to stop a
lot of phishing email.
Here's what I have in mind. Most phishing email pretends to be from well
know institutions, banks, paypal, etc. But even though the from address is
the institution, none of the received lines contain a host that matches the
institution name.
For example - all paypal real email with come from paypal servers.
So - my thinking is - create a list of institutions that are frequently
impersonated. If the sender address is one of those domains then the
received lines are searched for that domain. If there is no match then we
deny the message at the ACL level.
For example, paypal.com with be in the list. If the sender is paypal, but
none of the received lines contain paypal, we nuke the message.
So - who wants to throw an ACL together to do this?
--
## List details at
http://www.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://www.exim.org/eximwiki/
