[Esd-l] RE: Esd-l Digest, Vol 26, Issue 2
Sanitizer List
sanitizer at nyfix.co.uk
Fri Feb 18 12:15:29 PST 2005
John wrote:
> OK, not so easy. Looking at a few more, they are using oddball hostnames.
> This may be better done in SpamAssassin with scoring.
>> Subject: [Esd-l] Back working on Phish sanitizing...
>>
>> John,
>> I've gotten a few more cycles to spend on catching phish attacks.
>>
>> My thought is this. Just about every phish I've been looking
>> at uses a IP address url for the hyperlink. So, the filter I
>> was thinking of was:
>>
>> Search for
>> /<a.*href=.*http:\/\/[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?\.[0-
<snip>
Agreed (FWIW). All the phishing I've seen here have been modified domain names <in the source>.
And resolvable to `behind-the-iron-curtain`. (while not wanting to reopen old wounds...)
-DG
More information about the esd-l
mailing list