Re: [exim] Anti Phishing Trick

Páxina inicial
Borrar esta mensaxe
Responder a esta mensaxe
Autor: Richard Clayton
Data:  
Para: 'Exim-users'
Asunto: Re: [exim] Anti Phishing Trick
In message <430BD816.3070301@???>, Marc Perkel <marc@???>
writes

>Here's an anti phishing trick I came up with. The idea is that major
>corps will have received lines that match the domain in the from
>address.


as others have observed this is a hard assertion to test

for a counter-example, "frequent flyer" emails from KLM and Air France
(and probably other airlines as well) [and frequent flyer accounts are
just like money in many ways] come from "edt02.net" (who appear to be a
French mass mailing company). Also, in the UK, several of the "online
banks" seem to send at least some of their email through servers which
are not branded as their own (no hard examples to hand, sorry).

So although extensive research (testing doesn't seem quite the word for
the process that is required) may ensure that your technique is
appropriate for your list of domains, there are limits as to how far you
can extend it.

>Paypal email must come from paypal servers. This is driven from
>a list of institutions to test. Feedback appreciated.


others have already commented upon the relationship of your scheme with
SPF... as we all know a big problem with SPF is forwarded email; at
least your scheme will not reject a genuine Wells Fargo email that has
been forwarded to one of your users since it parses ALL the Received
lines (instead of looking at just the source)

However, that's a teensy little flaw in your scheme, since if the
phisher preloads a Received: header line with the name of the bank in
it, then your system will flag it as valid :( Of course, phishers would
never bother to adapt to their environment, so that's all right...

># Verify large institutions to prevent phishing - paypal - ebay - banks


I'd suggest recasting the comment to be less dogmatic (and also suggest
that this sort of heuristic is more appropriate to often-updated systems
with many shades of grey (such as SpamAssassin) rather than a yes/no
decision in the MTA).

- -- 
richard                                              Richard Clayton


They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin