Skip to main content
An Empirical Analysis of Phishing Blacklists
Proceedings of Sixth Conference on Email and Anti-Spam (CEAS)
  • Steve Sheng, Carnegie Mellon University
  • Brad Wardman, University of Alabama - Birmingham
  • Gary Warner, University of Alabama - Birmingham
  • Lorrie Faith Cranor, Carnegie Mellon University
  • Jason Hong, Carnegie Mellon University
  • Chengshan Zhang, Carnegie Mellon University
Date of Original Version
Conference Proceeding
Abstract or Description
In this paper, we study the effectiveness of phishing blacklists. We used 191 fresh phish that were less than 30 minutes old to conduct two tests on eight anti-phishing toolbars. We found that 63% of the phishing campaigns in our dataset lasted less than two hours. Blacklists were ineffective when protecting users initially, as most of them caught less than 20% of phish at hour zero. We also found that blacklists were updated at different speeds, and varied in coverage, as 47% - 83% of phish appeared on blacklists 12 hours from the initial test. We found that two tools using heuristics to complement blacklists caught significantly more phish initially than those using only blacklists. However, it took a long time for phish detected by heuristics to appear on blacklists. Finally, we tested the toolbars on a set of 15,345 legitimate URLs for false positives, and did not find any instance of mislabeling for either blacklists or heuristics. We present these findings and discuss ways in which anti-phishing tools can be improved.
Citation Information
Steve Sheng, Brad Wardman, Gary Warner, Lorrie Faith Cranor, et al.. "An Empirical Analysis of Phishing Blacklists" Proceedings of Sixth Conference on Email and Anti-Spam (CEAS) (2009)
Available at: