On Sat, 13 Mar 2021, Kevin A. McGrail wrote:
Can you put a T_ rule in your sandbox or send me something to grep and I'll
search my ham/spam?
http://www.impsec.org/~jhardin/antispam/make_azurephish_rule.sh
https://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/jhardin/40_local_azurephish.cf?view=log
https://ruleqa.spamassassin.org/20210314-r1887624-n/PHISH_AZURE_CLOUDAPP/detail
On Sat, Mar 13, 2021 at 11:38 PM John Hardin <[email protected]> wrote:
On Sat, 13 Mar 2021, Kevin A. McGrail wrote:
If you have spamples and they aren't able to be blocked otherwise, a 4tld
is certainly something to consider.
I have a ruleset generated from my spam corpus in my sandbox. But that's
just based on the (relative) trickle of spam me and my wife get.
They hav quieted down recently. I don't know whether it's because that
technique isn't working out, or they just haven't targeted me lately.
On Fri, Jan 22, 2021 at 11:55 AM John Hardin <[email protected]> wrote:
Folks:
I've been seeing more frequently lately phishing that leverages web apps
hosted by Google and Microsoft as a collection point.
I couple of days ago I added firebaseapp.com and web.app to the default
util_rb_2tld list to cover firebase apps hosted by Google.
I've just seen a couple of phishes leveraging MS Azure web apps:
multadetrafico.eastus.cloudapp.azure.com
multapendente.westus2.cloudapp.azure.com
Unfortunately these can't be added as they have an Azure zone in the
fourth position and we don't have a util_rb_4tld directive...
So, topic for discussion: do we need to add a util_rb_4tld for this?
Related: does URIBL register names that deep?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Failure to plan ahead on someone else's part does not constitute
an emergency on my part. -- David W. Barts in a.s.r
-----------------------------------------------------------------------
Today: Daylight Saving Time begins in U.S. - Spring Forward
