-----Original Message----- From: "David F. Skoll" <[email protected]> Reply-To: "[email protected]" <[email protected]> Date: Mon, 30 Jan 2012 12:20:02 -0500 To: "[email protected]" <[email protected]> Subject: Re: [Mimedefang] Blocking phishing
>On Mon, 30 Jan 2012 09:55:51 -0500 >Todd Aiken <[email protected]> wrote: > >> I'm just wondering if there are other people on this list that are >> experiencing the same type of phishing, and what they are doing to >> stop it? > >We use our commercial CanIt software (and ubishops.ca should use it >too! :)) > >Seriously, our CanIt software includes a few features to help reduce >this: > >1) We make use of the Anti-Phishing Email Reply address list at >http://code.google.com/p/anti-phishing-email-reply/ > >If you block mail to *and* from addresses in that list and scan the >body for known phishing URLs, you can catch some stuff. The list is >updated very frequently. Also, I'm a committer so whenever we catch a >phishing attempt, we update the list. > >2) We use outbound rate limiting so that if an account is phished, >it gets blocked rather quickly. Our software allows you to specify a >limit on the number of RCPTs per hour for any given sender or client IP >address. If this rate is exceeded, the software 5xx's any attempt to send >mail. It also alerts the administrator. (You can make exceptions for >accounts that you know [sic] are secure and that legitimately send large >volumes of email.) > >Neither feature is particularly hard to get working with MIMEDefang if >you don't want to use CanIt. Thanks very much David for your suggestions. I've successfully implemented checks to the Anti-Phishing Email Reply list based on some of the example files I found in svn. I've also requested a subscription to the mailing list so that I can submit anything that sneaks through to us. You know, if you wouldn't be so nice to people and tell them how to fix their problems for free, maybe more people would buy CanIt instead of continuing to use MIMEDefang! :-) Seriously though, it's hard to justify to upper management that we need to purchase a product when our current free solution is working so well, especially with the tight budgets that we have to work with. I guarantee though, as long as I'm still the sysadmin here responsible for email, if we did have the money to spend and were looking for something better, CanIt would be at the top of the list. Thanks again. Todd A. Aiken Systems Analyst & Administrator ITS Department BISHOP'S UNIVERSITY 2600 College Street Sherbrooke, Quebec CANADA J1M 1Z7 _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
