Re: anti-phishing implementation

[Bjorn Borg <bjorn.brg () gmail com>]

Hi,

Actually my goal of developing this tool is just to protect home users
who are negligent and unsuspecting with phishing scams. Those users
may use different email services, web-based or mail clients,... its
not for the company's scenairo. I thought about this project since not
all mail servers have the ability as you describe.

Best Regards,

Bjorn

On 8/21/05, Lyal Collins <lyal.collins () key2it com au> wrote:
> The recipient trusts the gateway (or sending server) to verify the
> sender is known and trusted to not send spam.
>
> The gateway, or more likely, a company's mail server is configured to
> authenticate the sender's ID before passing the mail. And of course, to
> perform spam/virus checking on low-trust mail (that is. mail from
> senders who  do not identify themselves, just like the difference
> between addressed mail and bulk mail in letterboxes )
>
> Gateways can easily authenticate senders by simple extensions to SMTP.
>
> Ciphire has done it, my company has done it, as have numerous other
> entities.
> Phishers won't be able to be trusted by the gateways, there no phishing
> mail reaches any recipient except as low-trust email.  This distinction
> allows even low-skilled recipients to see the phisher's email is
> suspect.
>
> If the sender identity can be verified by the recipient, and the gateway
> is trusted, the recipient is able to have a greater level of confidence
> in the email.
>
> Lyal
>
> On Sat, 2005-08-20 at 12:55 +0200, Irene Abezgauz wrote:
> > Lyal,
> >
> > I am not sure I quite understand the concept you have introduced of
> > gateway-recipient trust. The recipient trusts his gateway and therefore
> > trusts that gateway that all email sent from that gateway is indeed
> > valid and not malicious in any way?
> >
> > What I'm trying to understand mainly is feasibility. How is the gateway
> > going to determine between "right" and "wrong". How can the gateway
> > authenticate senders? That will require a large database of who is who
> > and good anti-spoofing mechanisms since the whole system is going to
> > rely on the information of who the sender is.
> >
> > Have I completely misunderstood you?
> >
> > Irene
> >
> > ----------------
> > Irene Abezgauz
> > Application Security Consultant
> > Hacktics Ltd.
> > Mobile: +972-54-6545405
> > Web: www.hacktics.com
> >
> >
> > -----Original Message-----
> > From: Lyal Collins [mailto:lyal.collins () key2it com au]
> > Sent: Saturday, August 20, 2005 7:33 AM
> > To: 'Bjorn Borg'; bugtraq () securityfocus com;
> > focus-virus () securityfocus com; focus-ms () securityfocus com;
> > honeypots () securityfocus com; pen-test () securityfocus com;
> > security-basics () securityfocus com;
> > security-management () securityfocus com; forensics () securityfocus com;
> > webappsec () securityfocus com; secureshell () securityfocus com
> > Subject: RE: anti-phishing implementation
> >
> > There is another strategy that the industry has almost totally ignored -
> > allow the recipient to verify the sender's identity.  Not verifed ->
> > delete
> > the email.
> > This does not mean S/MIME, PGP or added email headers etc, but may also
> > use
> > those techniques as well.
> > It means the sender and recipient can trust each other that the email
> > they
> > send each other, and thus can treat all other email as suspect.
> > In the distributed internet, this would probably be best implemented in
> > selected gateways that authenticate senders, so the trust is
> > gateway-recipient, rather than the more complex sender-recipient, sicne
> > the
> > former scenario has less trust paths than the latter.
> >
> > This needs no databases, and no arms race of trying to keep up with
> > spammers
> > tools.
> >
> > Lyal
> >
> >
> >
> > -----Original Message-----
> > From: Bjorn Borg [mailto:bjorn.brg () gmail com]
> > Sent: Friday, 19 August 2005 11:30 PM
> > To: bugtraq () securityfocus com; focus-virus () securityfocus com;
> > focus-ms () securityfocus com; honeypots () securityfocus com;
> > pen-test () securityfocus com; security-basics () securityfocus com;
> > security-management () securityfocus com; forensics () securityfocus com;
> > webappsec () securityfocus com; secureshell () securityfocus com
> > Subject: anti-phishing implementation
> >
> >
> > Hi everyone,
> >
> > I just started to develop an anti-phishing tool for my thesis.
> >
> > The tool should have two tasks. First one is to detect and prevent known
> > attacks from web-based and POP3 emails. Second is to analyze emails'
> > content
> > to identify unknown phishing email and spoofed link.
> >
> > To make the first task work, I need a full database of known phishing
> > emails, links. Anybody know where I can get this database?
> >
> > I really appreciate any suggestion about how to make this tool work,
> > sources,...
> >
> > Many thanks,
> >
> > Bjorn
> > Kungliga Tekniska Hogskolan, Stockholm, Sweden
> >
> > --
> > No virus found in this incoming message.
> > Checked by AVG Anti-Virus.
> > Version: 7.0.338 / Virus Database: 267.10.13/78 - Release Date:
> > 8/19/2005