Author: Marc Sherman Date: To: exim-users Subject: Re: [exim] Anti Phishing Trick
Alan J. Flavell wrote:
>
> Going back to some earlier discussion, there was a suggestion that
> manual intervention and review of the item by the mail admin could be
> a solution. You know, it's happened more than once that a spam was so
> cleverly worded that I, as mail admin, was on the point of being taken
> in by it as genuine mail. In all probability, then, there have been
> occasions where I really *was* taken in. Equally, there may have been
> occasions where the mail was genuine but I rated it as abusive, I
> suppose. I think my review is probably a bit more accurate than the
> automated checks (spamassassin etc.) implemented in the mailer, but
> I'm by no means perfect (and I'm *far* more expensive than the
> automated checks, so I try to minimise the time spent on such tasks),
> so I think I'd have to say (based on this sample) that mail admin
> review, while it can certainly be useful, is no "magic bullet".
Yup, there's a narrow, but not empty, grey zone where the admin can
spend an awful lot of time trying to decide if something's spam. In my
case, the messages in this zone are usually what I call "highly
targeted spam", spam that targets the user based on their
profession/interests. So my web designer user gets spammed by people
running "post-bubble-burst web designer support groups", my landscape
architect user gets spammed by a German company trying to sell him the
latest in water-feature technology, and my wife gets spammed by baby
clubs. It looks a lot like spam to me, but it's so targeted to the
receiver's usual mail that both the Bayesian filter and I think that
there's a chance they may have signed up for it. I usually end up
calling the user to ask about the sender, and then explicitly white- or
black-list the sender so I don't have to worry about the next message
they send.
Thankfully, it doesn't happen very often. But when it does, it's a big
time sink.