On 15/09/16 15:22, Chip M. wrote:
The other way to fix that is to detect the lexical distance between the
sender's domain and your organisation's domains, e.g. by building a plugin that uses https://en.wikipedia.org/wiki/Levenshtein_distance. That could be done for a small number of domains within a few hours. In my experience results are impressive and it's really awesome to block such a personalized attack, although this spoofing method is not used that often due to its cost. Mail me if you want the core of the code to do those checks.
That sounds VERY interesting, Olivier! :) https://github.com/fmbla/spamassassin-levenshtein An implementation I made for SA - feedback welcome -- Paul Stead Systems Engineer Zen Internet
