[sanesecurity] Re: Scamnailer - FP? - rgu.ac.uk

  • From: Chris Wakelin <c.d.wakelin@xxxxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Mon, 15 Feb 2010 14:12:32 +0000

On 15/02/2010 13:47, John Horne wrote:
>> ScamNailer and spear.ndb use this feed from APER...
>>
>> http://code.google.com/p/anti-phishing-email-reply/
>>
>> As you can see, they have this address listed:
>>
>> d.banks AT rgu.ac.uk,B,20090313
>>
>> There's a list removal section/email address there.
>>
> Okay, thanks. However, 'rgu.ac.uk' is not owned by us so I cannot remove
> the entry. Also the APER entry shows that the address was used in the
> 'From:' header field, whereas the scamnailer entry is tripping when it
> is used in the To: field.
> 

I'm one of the maintainers of the APER list. I'll remove the entry.

The original aim of the APER project was to maintain a list of bad
"reply" addresses you might want to block (i.e. what the user would get
if they hit "reply" on their mail client) so in theory we only add an
entry as "B" if there was no "Reply-to" header (if there was, we just
add that as "A" instead).

If the reply was expected to be via a web-form or an e-mail address in
the message body, then we log the reply-address as "E" (but many
contributors seem to forget this and use "B" instead). Also some
contributors will add both the Reply-to address and the "From" address
(which they shouldn't).

What other people (such as ScamNailer and, indeed, Sanesecurity) do with
the list, we can't control of course :)

Best Wishes,
Chris

-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin@xxxxxxxxxxxxx
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 8439
Whiteknights, Reading, RG6 2AF, UK              Fax: +44 (0)118 975 3094
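
The type semantics described in the message above, applied as a mail check that consults only the address a client would reply to and never To:. This is an added example, not code from APER, ScamNailer or Sanesecurity; the function names, sample entries and sample message are constructed, and accepting both "A" and "B" for the reply address is a choice made for this example.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample entries in the address,type,date layout quoted above.
SAMPLE_LIST = """\
claims.dept@example.com,A,20100101
lottery.agent@example.org,B,20100105
prize.office@example.net,E,20100110
"""

# Constructed message: a listed address appears only in To:, as in this thread.
TO_ONLY = "From: staff@example.edu\nTo: lottery.agent@example.org\n\nMeeting at 3pm.\n"

def parse_list(text):
    """Return {address: type_code} from address,type,date lines."""
    entries = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) == 3 and "@" in parts[0]:  # skip malformed lines
            entries[parts[0].lower()] = parts[1].upper()
    return entries

def reply_address(msg):
    """Address a mail client replies to: Reply-To if present, else From."""
    for header in ("Reply-To", "From"):
        addrs = getaddresses(msg.get_all(header, []))
        if addrs and addrs[0][1]:
            return addrs[0][1].lower()
    return None

def check_message(raw, entries):
    """Return (address, type) for a listed reply address, else None."""
    msg = message_from_string(raw)
    addr = reply_address(msg)
    # A = Reply-To address, B = From address logged when no Reply-To existed.
    # Either code is accepted for the reply address (choice made for this example).
    if entries.get(addr) in ("A", "B"):
        return addr, entries[addr]
    # E = reply address given in the message body (single-part bodies only).
    body = msg.get_payload()
    if isinstance(body, str):
        for listed, kind in entries.items():
            if kind == "E" and listed in body.lower():
                return listed, kind
    return None  # To: and Cc: are never consulted

if __name__ == "__main__":
    print(check_message(TO_ONLY, parse_list(SAMPLE_LIST)))  # None
```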
