[Spambayes] Anti Phishing suggestion

Frank Heile fheile at pacbell.net
Wed Jan 5 23:55:54 CET 2005


Thanks.  I am not a developer either, but I did know that SpamBayes does not
parse the actual content of messages.  However another possibility might be
that at the point where SpamBayes is tokenizing the email content, it may be
possible to change strings like "http://123.456.234.567/" into something
generic like "http://NNN.NNN.NNN.NNN/" and then use the normal Bayesian
technique to get these messages flagged as SPAM since I don't think any of
my HAM messages ever use numeric URL addresses.  This would probably only
work for a while till the Phishers eventually use non-numeric addresses for
their faked URLs.  Developers?  Is this possible/easier?

-----Original Message-----
From: Katz, Amir [mailto:Amir_Katz at bmc.com] 
Sent: Wednesday, January 05, 2005 2:19 PM
To: Frank Heile
Cc: spambayes at python.org
Subject: RE: [Spambayes] Anti Phishing suggestion

It's an excellent idea, but I think that it's beyond the scope of SpamBayes
per se. SB does not make any check of the data in the message, nor to the
validity, truthfulness or legality of any claims therein.

I think that the right solution would be another tool that will work like SB
(an Outlook plug-in) which will add a button, "Check Phishiness" and will do
what you suggest, displaying a phishiness score and would let the user
decide what to do ("Delete as phish" or "do nothing").

On the proxy solution, maybe the same code will be hosted by the proxy, but
will be invoked before or after SB filter, and will add its own annotation
to the mail with 'Phish alert', so POP3/IMPA users will just need to add
another filter rule for those.

Just my $0.02 (not being a developer of SB, just a devoted user & spreading
the SB gospel)

Amir 



More information about the Spambayes mailing list