On Mon, Jun 16, 2014 at 12:36 PM, Kevin A. McGrail kmcgr...@pccc.com
wrote:
On 6/16/2014 9:49 AM, Joe Quinn wrote:
On 6/16/2014 9:42 AM, Dave Pooser wrote:
On 5/30/14 11:11 AM, Kevin A. McGrail kmcgr...@pccc.com wrote:
Good time for an update to the users list about the issue. The box
Hello,
We just received the most authentic looking phishing I've seen.
It was professionally written, included a nice signature in the style
used by people at my workplace, and the target link was an exact
replica of an ezproxy website we run.
The URL domain was only different by a few letters.
On Tue, Sep 16, 2014 at 5:27 PM, John Hardin jhar...@impsec.org wrote:
On Tue, 16 Sep 2014, francis picabia wrote:
Hello,
We just received the most authentic looking phishing I've seen. It was
professionally written, included a nice signature in the style used by
people at my workplace
On Mon, Oct 20, 2014 at 9:18 AM, Robert Moskowitz r...@htt-consult.com
wrote:
Since this is about mail and spam, I thought this might be a good place to
ask about nolisting:
http://en.wikipedia.org/wiki/Nolisting
I get ~ 7000 messages/day on my server, with ~70% getting tagged as spam.
On Fri, Sep 19, 2014 at 2:59 PM, John Hardin jhar...@impsec.org wrote:
On Fri, 19 Sep 2014, francis picabia wrote:
On Tue, Sep 16, 2014 at 5:27 PM, John Hardin jhar...@impsec.org wrote:
On Tue, 16 Sep 2014, francis picabia wrote:
Hello,
We just received the most authentic looking
On Mon, Oct 27, 2014 at 4:55 PM, John Hardin jhar...@impsec.org wrote:
On Mon, 27 Oct 2014, francis picabia wrote:
uri URI_EXAMPLE_EXTRA m;^https?://(?:www\.)?example\.com[^/?];i
However another spoofed message was received today and the rule
did not capture it.
If I want to detect
On Tue, Oct 28, 2014 at 11:47 AM, francis picabia fpica...@gmail.com
wrote:
On Mon, Oct 27, 2014 at 4:55 PM, John Hardin jhar...@impsec.org wrote:
On Mon, 27 Oct 2014, francis picabia wrote:
uri URI_EXAMPLE_EXTRA m;^https?://(?:www\.)?example\.com[^/?];i
However another spoofed
I've tested the rule:
uri URI_MYDOMAIN_PHISH m;^https?://(?:[^./]+\.)*example\.com[^/?];i
is catching this sample newsletter link:
Oct 29 09:38:50.368 [24608] dbg: rules: ran uri rule URI_MYDOMAIN_PHISH == got hit: http://example.com;
Complete email body content in test of newsletter
On Wed, Oct 29, 2014 at 10:27 AM, francis picabia fpica...@gmail.com
wrote:
I've tested the rule:
uri URI_MYDOMAIN_PHISH m;^https?://(?:[^./]+\.)*example\.com[^/?];i
is catching this sample newsletter link:
Oct 29 09:38:50.368 [24608] dbg: rules: ran uri rule URI_MYDOMAIN_PHISH
On Thu, Feb 12, 2015 at 1:46 PM, Benny Pedersen m...@junc.eu wrote:
On 12. feb. 2015 17.40.13 Kevin A. McGrail kmcgr...@pccc.com wrote:
SPF deals with the envelope sender, not the From address.
envelope_sender_header From
bad example to follow, it's not really an SPF question, sender-id is the
Our spamassassin 3.3.1 is marking email with tags like and
SPF_SOFTFAIL and SPF_FAIL, as long as the sender info
is failing the SPF test. But if the sender passes the test
and the From: address is from our domain, then there
are no SPF tags appearing.
The risk is that users don't look at the
. Everything
else (sender, helo) matches the origin.
On February 12, 2015 11:17:38 AM EST, francis picabia fpica...@gmail.com
wrote:
Our spamassassin 3.3.1 is marking email with tags like and
SPF_SOFTFAIL and SPF_FAIL, as long as the sender info
is failing the SPF test. But if the sender passes
My question has been misunderstood as commentary on SPF, etc.
It is not about SPF, I'm just trying to steer the question towards a
spamassassin tag that can be triggered.
I found a solution with my own rule.
I wasn't sure whether the SA rules referring to 'from' header were
actually meaning
13 matches