Re: Corpus of Spam/Ham headers(Source IP) for research

2016-06-28 Thread Shivram Krishnan
Hello Bill, Thank you so much for your views. I agree that your customers would not like it if you share information. But Oliver suggested, I need only the source IP addresses of the Spam and Ham emails, which can even be anonymized in the last octet. Will that still be a privacy concern?

Re: Catching well directed spear phishing messages

2016-06-28 Thread Chip M.
On Tue, 28 Jun 2016 14:13:57 + David Jones wrote: >If I search the Internet for the CEO/CIO/CTO/etc of a company >and send an email from my domain but make the displayed name >in the visible From: be that CEO/CIO/CTO/etc's full name that >the recipient is used to seeing in the mail client,

Re: Corpus of Spam/Ham headers(Source IP) for research

2016-06-28 Thread Olivier
Shivram > Though I have devised a mechanism to generate these blacklists, I am > not > finding a suitable evaluation metric. It would be great if somebody > could > give me a dataset of source IP addresses of emails received by your > network > which have been marked as HAM/SPAM by

Re: Corpus of Spam/Ham headers(Source IP) for research

2016-06-28 Thread Bill Cole
On 28 Jun 2016, at 20:33, Shivram Krishnan wrote: Hey Guys, I am a researcher at the University of Southern California ( https://steel.isi.edu/ ), and I have been working on making Blacklists more effective by combining different sources of Blacklists, and creating a Blacklists specific

Corpus of Spam/Ham headers(Source IP) for research

2016-06-28 Thread Shivram Krishnan
Hey Guys, I am a researcher at the University of Southern California ( https://steel.isi.edu/ ), and I have been working on making Blacklists more effective by combining different sources of Blacklists, and creating a Blacklists specific for a particular network. Though I have devised a

Re: Catching well directed spear phishing messages

2016-06-28 Thread Sidney Markowitz
David Jones wrote on 29/06/16 2:13 AM: >> From: RW >> That won't work in this example because nothing has actually been >> spoofed. > > Exactly. If I search the Internet for the CEO/CIO/CTO/etc of a company > and send an email from my domain but make the displayed

Re: Catching well directed spear phishing messages

2016-06-28 Thread John Wilcock
On 28/06/2016 at 16:13, David Jones wrote: From: RW That won't work in this example because nothing has actually been spoofed. ... All it takes is a compromised account on a trusted mail server (happens all of the time) to provide a conduit for this type of

Re: Catching well directed spear phishing messages

2016-06-28 Thread David Jones
>Am I missing something here: Respectfully, you are. >An email comes in from the CEO of the business - seemingly from the company, >and has a Spam score of 7.5 I am talking about legit emails from trusted senders that won't hit FREEMAIL_FORGED, RBLs, DBLs or any high scoring rules so they are

Re: Protected Sky?

2016-06-28 Thread RW
On Tue, 28 Jun 2016 16:10:12 +0200 Reindl Harald wrote: > On 28.06.2016 at 16:00, RW wrote: > > On Mon, 27 Jun 2016 22:15:30 +0200 > > Reindl Harald wrote: > > > >> On 27.06.2016 at 21:27, Vincent Fox wrote: > >>> I saw a reference today in my MxToolbox report, to an RBL named > >>>

Re: Catching well directed spear phishing messages

2016-06-28 Thread Jari Fredriksson
Groach wrote on 28.6.2016 17:24: > On 28/06/2016 16:13, David Jones wrote: > > David Jones wrote on 29/06/16 12:46 AM: > > No, technology can help. The IT department sets up the mail client > that the CEO uses when out of the office so that it sends mail using > the company mail server with

Re: Catching well directed spear phishing messages

2016-06-28 Thread Groach
On 28/06/2016 16:13, David Jones wrote: David Jones wrote on 29/06/16 12:46 AM: No, technology can help. The IT department sets up the mail client that the CEO uses when out of the office so that it sends mail using the company mail server with SSL/TLS and user authentication. Or it uses the

Re: Catching well directed spear phishing messages

2016-06-28 Thread Dianne Skoll
About the only way to combat these sorts of things is to have proper financial processes in place. In other words, have checks to ensure that no-one can initiate a wire transfer without a vendor invoice, etc. Common sense stuff... but it's so easy to slip and you only have to slip once. :(

Re: Catching well directed spear phishing messages

2016-06-28 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reindl Harald wrote on 28.6.2016 16:56: > On 28.06.2016 at 15:25, Jari Fredriksson wrote: >>> Almost all the phishes I've received in the last few years have done >>> this - except that they have something like "paypal support" rather >>> than an

Re: Catching well directed spear phishing messages

2016-06-28 Thread David Jones
>From: RW >Sent: Tuesday, June 28, 2016 8:50 AM >To: users@spamassassin.apache.org >Subject: Re: Catching well directed spear phishing messages   >On Wed, 29 Jun 2016 01:30:55 +1200 >Sidney Markowitz wrote: >> David Jones wrote on 29/06/16 12:46 AM: >> > This is

Re: Catching well directed spear phishing messages

2016-06-28 Thread Reindl Harald
On 28.06.2016 at 16:08, Jari Fredriksson wrote: Reindl Harald wrote on 28.6.2016 16:56: On 28.06.2016 at 15:25, Jari Fredriksson wrote: Almost all the phishes I've received in the last few years have done this - except that they have something like "paypal support" rather than an

Re: Protected Sky?

2016-06-28 Thread Reindl Harald
On 28.06.2016 at 16:00, RW wrote: On Mon, 27 Jun 2016 22:15:30 +0200 Reindl Harald wrote: On 27.06.2016 at 21:27, Vincent Fox wrote: I saw a reference today in my MxToolbox report, to an RBL named Protected Sky which had like double the listing activity of Spamhaus. Does anyone know

Re: Catching well directed spear phishing messages

2016-06-28 Thread RW
On Wed, 29 Jun 2016 01:30:55 +1200 Sidney Markowitz wrote: > David Jones wrote on 29/06/16 12:46 AM: > > This is pure social engineering that can't be stopped by > > technology. The AP dept has to have proper safeguards and out of > > band validation (i.e. phone call to the "Recognized Name").

Re: Catching well directed spear phishing messages

2016-06-28 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Reindl Harald wrote on 28.6.2016 16:56: > On 28.06.2016 at 15:25, Jari Fredriksson wrote: >>> Almost all the phishes I've received in the last few years have done >>> this - except that they have something like "paypal support" rather >>> than an

Re: Protected Sky?

2016-06-28 Thread RW
On Mon, 27 Jun 2016 22:15:30 +0200 Reindl Harald wrote: > On 27.06.2016 at 21:27, Vincent Fox wrote: > > I saw a reference today in my MxToolbox report, to an RBL named > > Protected Sky which had like double the listing activity of > > Spamhaus. Does anyone know anything about this outfit? >

Re: Catching well directed spear phishing messages

2016-06-28 Thread Reindl Harald
On 28.06.2016 at 15:25, Jari Fredriksson wrote: Almost all the phishes I've received in the last few years have done this - except that they have something like "paypal support" rather than an individual's name. Ah, so true you should look at that - enters my junk folder even with a

Re: Catching well directed spear phishing messages

2016-06-28 Thread Reindl Harald
On 28.06.2016 at 15:30, Sidney Markowitz wrote: You are right that social engineering can't be stopped by technology. The company should have procedures in place that provide the flexibility that CEO seems to need but will still prevent the fraud even in the face of successful social

Re: Catching well directed spear phishing messages

2016-06-28 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 RW wrote on 28.6.2016 16:10: > On Tue, 28 Jun 2016 15:52:10 +0300 > Jari Fredriksson wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> David Jones wrote on 28.6.2016 15:46: > >> > One of my customers has been hit by at least one

Re: Catching well directed spear phishing messages

2016-06-28 Thread Sidney Markowitz
David Jones wrote on 29/06/16 12:46 AM: > This is pure social engineering that can't be stopped by technology. The AP > dept has to have proper safeguards and out of band validation (i.e. phone > call to the "Recognized Name"). No, technology can help. The IT department sets up the mail client

Re: Catching well directed spear phishing messages

2016-06-28 Thread RW
On Tue, 28 Jun 2016 15:52:10 +0300 Jari Fredriksson wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > David Jones wrote on 28.6.2016 15:46: > > One of my customers has been hit by at least one of these emails > > even with good RBLs in use and properly trained Bayes. The emails > >

Re: Catching well directed spear phishing messages

2016-06-28 Thread Reindl Harald
On 28.06.2016 at 14:52, Jari Fredriksson wrote: I just refuse to believe that the technology has to trust to the From:.*xxx in the smtp payload and not reject this at once. Does the customer use some dmarc-implementation in their mail chain at all? well, when none of your users are

Re: Catching well directed spear phishing messages

2016-06-28 Thread Jari Fredriksson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David Jones wrote on 28.6.2016 15:46: >> From: Sidney Markowitz >> Sent: Tuesday, June 28, 2016 3:15 AM >> To: Ram; users@spamassassin.apache.org >> Subject: Re: Catching well directed spear phishing messages > >> Ram wrote on

Re: Catching well directed spear phishing messages

2016-06-28 Thread David Jones
>From: Sidney Markowitz >Sent: Tuesday, June 28, 2016 3:15 AM >To: Ram; users@spamassassin.apache.org >Subject: Re: Catching well directed spear phishing messages   >Ram wrote on 28/06/16 7:19 PM: >> >> >> On Tuesday 28 June 2016 12:03 PM, Raymond Dijkxhoorn wrote: >>>

Re: Catching well directed spear phishing messages

2016-06-28 Thread Sidney Markowitz
Ram wrote on 28/06/16 7:19 PM: > > > On Tuesday 28 June 2016 12:03 PM, Raymond Dijkxhoorn wrote: >> Hai! >> >> I don't understand why they would match your spf record either. Are they >> sent out by an IP address you 'approved' ?? > SPF does not fail, because they use a different envelope

Re: Catching well directed spear phishing messages

2016-06-28 Thread Ram
On Tuesday 28 June 2016 12:03 PM, Raymond Dijkxhoorn wrote: Hai! I don't understand why they would match your spf record either. Are they sent out by an IP address you 'approved' ?? SPF does not fail, because they use a different envelope address.. which may pass SPF The end recipient does

Re: Catching well directed spear phishing messages

2016-06-28 Thread Raymond Dijkxhoorn
Hai! I don't understand why they would match your spf record either. Are they sent out by an IP address you 'approved' ?? Thanks, Raymond Dijkxhoorn > On 28 Jun 2016, at 03:27, jdebert wrote the following: > > On Mon, 27 Jun 2016 18:41:04 +0530 > Ram