North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: ISP phishing
Robert Boyle wrote: > > At 05:37 AM 6/23/2005, you wrote: > >> Hi guys. I notice a large increase in recent weeks of ISP directed >> phishing - largely because of worms moving backward to using the user's >> own domain for the spam, but not just in the from: address. >> >> I believe this started out as a "let's feel this out" or "wow, that >> worked, let's phish ISP's directly too". I now have several reports >> that point to this becoming a serious problem. >> >> Old with a spark of new, but definitely a problem. >> >> Anyone else dealing with this? > > > Due to the huge number of variants in the wild, our AV software can't > keep up (probably nobody's can). Instead, we enabled a global rule which > blocks any email from accounts such as billing, root, postmaster, > antivirus, abuse, security, etc. which don't originate from our > management IP space where our people work. As a result, we have stopped > these phishing scams for our users dead in their tracks. > > -Robert We did as well, but we did not yet find a solution for legit bounces.. it naturally breaks that. It's a temporary solution to what I see that is going to become very big.