> So when it comes to spear phish, in my view, a big question mark > arises to indicate that its risk is simply "unknow" to mankind. This > is unknown in the public domain as far as I know, which is why I > posted this mail to see if any of you see any spear phish within the > load of SPAM you detect.
Spear phishing is inherently hard to detect because it's carefully crafted for a small set of victims. We do see it among our customers. Sometimes we stop it; sometimes it slips through. Something they helps a little bit is the Anti-Phishing Email Reply project at http://code.google.com/p/anti-phishing-email-reply/ We use and contribute to that list, but it's still reactive rather than proactive. We also try to mitigate post-phishing damage by rate-limiting outbound mail. If a phisher steals your credentials and uses them to start spamming, our software will block your account if it exceeds the admin-specified recipient-per-hour limit. (It also notifies the admin.) While this doesn't prevent phishing, it can reduce the damage in the large class of cases in which credentials are stolen to be used for spamming. It also quickly alerts admins to compromised accounts. Regards, David.
