Richard Clayton wrote:
> most anti-spam systems eat them for breakfast
>
We run spamassassin and clam with the Sane sigs. But, it is cheaper to
drop them sooner if they are obvious forgeries.
> this all rather depends whether your users forward bank email from
> somewhere else to you; and indeed whether you believe that the banks
> will tell you when they change email sending architecture...
>
If it breaks forwarding I can over ride with my white list. If the banks
change sending hosts again I can override if dnswl has not caught it first.
> ... I expect people most people let their spam filters deal with
> phishing (and of course their generic anti-spam systems -- such as
> assessing the reputation of the sender and their HELO).
>
We do lots and lots of anti spam checks in exim before it hits SA. This
is just another test.
As I was getting good results I though I would share and ask for feedback.
>> what about these (from my list of recent phishing victims, and there are
>> many more banks and building societies than have been attacked):
>>
>> Bank of Scotland (UK)
>> Barclaycard (UK)
>> Birmingham Midshires (UK)
>> Bradford & Bingley (UK)
>> Cahoot (UK)
>> Cater Allen (UK)
>> CitiBank (UK)
>> Clydesdale (UK)
>> Co-operative Bank (UK)
>> Coutts (UK)
>> Coventry BS (UK)
>> First Direct (UK)
>> HM Revenue & Customs (UK)
>> Intelligent Finance (UK)
>> MBNA Europe (UK)
>> Nationwide (UK)
>> Norwich & Peterborough BS (UK)
>> O2 (UK)
>> Scottish Widows (UK)
>> Smile (UK)
>> Tesco (UK)
>> Ulster Bank (UK)
>> Woolwich (UK)
>> Yorkshire Bank (UK)
>>
I have some of these on my list, some times listing more than one of
their domains,
eg rbs.com, rbs.co.uk, rbsdigital.com ,rbsdigital.co.uk . Some of these
I don't have accurate sending ranges for (not on senderbase) or my logs
show other hosts.
Cheers for the list though I'll update mine with any others I've missed.
Rgds
n
