[Esd-l] RE: Esd-l Digest, Vol 26, Issue 2

Sanitizer List sanitizer at nyfix.co.uk
Fri Feb 18 12:15:29 PST 2005

John wrote:
> OK, not so easy.  Looking at a few more, they are using oddball hostnames. 
> This may be better done in SpamAssassin with scoring.

>> Subject: [Esd-l] Back working on Phish sanitizing...
>> John,
>> I've gotten a few more cycles to spend on catching phish attacks.
>> My thought is this.  Just about every phish I've been looking 
>> at uses a IP address url for the hyperlink.  So, the filter I 
>> was thinking of was:
>> Search for
>> /<a.*href=.*http:\/\/[0-9][0-9]?[0-9]?\.[0-9][0-9]?[0-9]?\.[0-

Agreed (FWIW).  All the phishing I've seen here have been modified domain names <in the source>.

And resolvable to `behind-the-iron-curtain`. (while not wanting to reopen old wounds...)


More information about the esd-l mailing list