Re: [exim] Anti Phishing Trick - Latest Version

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Richard Clayton
Date:  
À: exim-users
Sujet: Re: [exim] Anti Phishing Trick - Latest Version
In message <43161E0C.4050700@???>, Marc Perkel <marc@???>
writes

>>| That's an interesting assumption. I'm filtering for 350 domains and no
>>| complaints.


>If you
>had a technical response as to why this wouldn't work I'd listen to it.
>But you haven't offered anything.


There were, as has already been observed, some careful comments made a
week or so ago (including some by me, which I won't bother to repeat,
suffice it to say that like most heuristics this one will have a limited
life and will probably let you down when you have come to rely upon it)

I am however slightly puzzled as to the provenance of the list and the
amount of testing you have done to check it out. This is because the
list contains

        lloydstsb.co.uk


which is presumably meant to be the bank (Lloyds TSB Bank plc) where I
actually have some accounts. They haven't sent me any email lately, the
last I received was in October 2003 (when phishing was only just
starting to be an issue for the banking community).

This had the Received lines

Received: from unknown (HELO sfbas02u2.s4buat.com) (213.52.140.146)
  by lon-mail-1.gradwell.net with SMTP; 10 Oct 2003 08:23:43 -0000
Received: from localhost (localhost [127.0.0.1])
        by sfbas02u2.s4buat.com (8.11.6+Sun/8.11.6) with SMTP id
h9A8K2t24659
        for <me@???>; Fri, 10 Oct 2003 09:20:12 +0100 (BST)


which made a lot of sense when one considered that this was a "success
for business" scheme they were running at the time. However, you will
note that lloydstsb isn't mentioned at all :(

Doubtless of course you will have a more modern email example to
provide? since times have changed since 2003. I look forward to seeing
you posting it to the list.

I am especially puzzled about this issue -- and will welcome your
upcoming information --- because I always thought of the bank as using
the domain "lloydstsb.com" ... which is where the "co.uk" website
currently redirects.

Interestingly, they do suggest writing to them as "@lloydstsb.co.uk" so
perhaps they use a different email domain (co.uk) than their banking
website uses (.com). Especially confusing of them -- hence the
considerable value of your data.

>>If you've checked legitimate email from all these domains, just *say
>>so* for Pete's sake, and I'll shut up.
>>
>Yep - so shut up.


That's OK then

- -- 
richard                                              Richard Clayton


They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety.         Benjamin Franklin