I did some Googling today and found this:
http://www.phishtank.com/stats/2008/07/
Apparently, in July of this year, phishtank.com verified more phishing
scams targeting PayPal than the rest of the top 10 targets combined.
That pretty impressive, although I must take it with a grain of salt
because I don't know anything about phishtank.com or how they collect
their stats.
Anecdotally, I personally see a lot of PayPal scam emails and
SpamAssassin seems to catch all of them. However, most of my users are
not technically literate, nor are they sufficiently skeptical when it
comes to official-looking messages. Given the seriousness of falling
victim to a phishing scam, I would love to block those messages
entirely. If DKIM could stop them once and for all, it would be worth
the effort.
Here's another way to think about it: spamdyke already does pretty much
everything _I_ need it to do. At this point, I continue working on it
because it's a hobby and I enjoy it. So even though I have a
prioritized TODO list, I'm willing to reshuffle it if even one person
expresses a need/desire for something. That's why I'm working on
recipient validation now -- it's not something I really need for myself
but everyone was asking for it so...
If there's a feature you'd rather see in spamdyke before DKIM, now's the
time to speak up. :)
-- Sam Clippinger
Arthur Girardi wrote:
> Hi.
>
>
>> I disagree about waiting for a certain (or uncertain) percentage of servers
>> in a survey before implementing it though. This isn't a feature about
>> convenience or annoyance, it's a feature that will probably have a big
>> positive impact on some peoples lives. I think the fact that PayPal and eBay
>> have already implemented it (months ago) is a strong indicator of its
>> importance. I'd like to know which other major banking institutions have
>> implemented it, but I don't. I expect that Chase and BofA will be doing so
>> as soon as they can though (based on the phishing emails I've seen).
>>
>> Perhaps we can agree to disagree on this one. And like I said, I could be
>> wrong (again). ;)
>>
>
> Maybe I expressed myself incorrectly. Sure 15-20% is a wild guess of
> mine, who serves a not so critical slice of the market, and I try to
> keep things stable, avoiding adding too many tools that I don't
> consider essential.
>
> Surely big companies which work with any kind of eletronic commerce or
> online payment systems, like the ones you quoted, or any company that
> deals with money in a eletronic way, will always attemp to or
> implement these edge security enhancements, and well justified. But
> aside these cases, I hardly see a real purpose for the majority of
> small business people to enter this bloody jungle, other than for
> testing.
>
> In reality, I'm just ranting because I didn't see the major brazilian
> banks which also suffer from lots of of pishing, implementing these
> tools. Once they do (if the do), and depending on the speed they do,
> and also on the result of their work, that will surely have an impact
> on my business and consequentially on my decision of implementing it
> for myself.
>
> But one thing is for sure, either way, I (with the viewpoint of small
> business hosting provider) will refrain for now from implement
> anything like that unless someone puts up a nice tool with lots of
> log-spitting like what spamdyke does. :)
>
> Arthur
>
>
> _______________________________________________
> spamdyke-users mailing list
> spamdyke-users@spamdyke.org
> http://www.spamdyke.org/mailman/listinfo/spamdyke-users
>
_______________________________________________
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
