Re: [Full-disclosure] Analysis: Postbank.nl Phishing Scam
From: Moritz Naumann (lists_at_moritz-naumann.com)
Date: Mon, 06 Jun 2005 20:39:05 +0200 To: Vincent van Scherpenseel <firstname.lastname@example.org>
Vincent van Scherpenseel schrieb:
> You can read the analysis at: http://www.syn-ack.org/papers/postbank.html .
> I would love to receive any feedback on it, either positive or negative, as
> long as arguments are supplied.
Quoting from your analysis:
> Unfortunately I wasn't able to determine what 'RCVD_IN_LSORBS' means.
> A Google and a Google Groups session yielded zero results.
I'm not sure whether this is a common SpamAssassin rule (I simply didn't
check). I also do no know what the 'L' in 'LSORBS' stands for. However,
the rest clearly means that the downmost 'Received' email header line
contained an IP address which is listed in the SORBS ("Spam and Open
Relay Blocking System") DNS blacklist <http://www.sorbs.net/>.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/