On 23 Aug 2005 at 19:31, Marc Perkel wrote about
"Re: [exim] Anti Phishing Trick":
| Fred Viles wrote:
|
| >On 23 Aug 2005 at 19:14, Marc Perkel wrote about
| > "[exim] Anti Phishing Trick":
| >
| >| Here's an anti phishing trick I came up with. The idea is that major
| >| corps will have received lines that match the domain in the from
| >| address.
| >
| >Interesting idea, but your assumption seems highly questionable to
| >me. How did you test it?
|...
| I ran it for a few weeks to see if there were any false positives and
| there weren't any.
That's not testing it. Unless you made arrangements to get
legitimate messages from all those domains in that time? Or
monitored for legitimate messages and only added a domain to your
list after you'd seen several?
| And - I've been running this for over a year with no problems.
|... (paypal & ebay)
Assuming that you have users getting legitimate mail from ebay &
paypal (very plausible), that answers my question for two entries in
your list. Of course, there's no guarantee for the future, even for
them.
Just looking through my inbox, I see that mail from domains like my
bank, a Coldwell Banker site, AT&T, uBid, and Dish Network, (none of
which are in your list) would all be FPs.
The plural of anecdote is not data, but it's enough to convince me
that it's quite unsafe to simply *assume* that legitimate mail from
every domain that happens to get abused in a Phishing message must
appear in the Received: headers.
- Fred
