I’m almost convinced now that the majority of stuff SpamAssassin misses isn’t really spam, but phishing messages. I think it’s time for SpamAssassin to start considering detecting it. Perhaps take a look at mscott’s good work for Mozilla Thunderbird.
Odds are lots of that detection stuff, will also detect spam slipping through by other means.
1 reply on “Is phishing the new spam?”
Phishing is a subset of spam. That’s also the position I’ve seen among most SpamAssassin users and developers, so if SA isn’t catching something, it’s a technical reason, not a policy one.
If you haven’t already, I highly recommend enabling SA’s SURBL rules. These track URLs found in spam and distribute the data via DNS. Some of the lists are based on phishing data. They work hard to weed out legit, dual-use, or forged domains, so the false positive rate is very low. There’s also a similar project at URIBL.com which uses the same techniques but different sources of data.
Also useful, Clam Anti-Virus has been detecting phishes for several months now. This choice has proven controversial, since phishing isn’t a virus (though it can arguably be a conduit for the spread of malware), but it’s quite useful to anyone using ClamAV on an incoming mail server.