John Von Essen on 4 Aug 2006 20:12:28 -0000



Re: [PLUG] Graphic spam


If the Spam email images are referenced through URLs, then the latest SpamAssassin does have some features for that. There are URL blacklists where known "Spam" images are sourced.

However, there is a way around this. You can encode the binary image, and add it as a mime part. Then, in your html mime part, reference the embedded mime part image. The downside to this is it makes the spam large, 20kb as compared to say 2kb. Spammers like to avoid large emails because the larger they are, the more bandwidth it takes, and at some point the bandwidth costs affect their ability to make money.

For example, most spamassassin setups will allow anything through that is larger than 100Kb. So why isn't that exploited by every spammer? Simple, they can't afford to operate with bandwidth costs involved in sending everyone a 100Kb message.

You can try and target the MIME-technique, but it probably changes as the wind blows. The other alternative is IP blocks.

I have never been a fan of this, but lately, I am convinced there are certain regions of the world that I will never communicate with. A lot of spam comes from these sources, so that kind of blocking may help too. Basically I block email from IPs from Angola, Liberia, etc. And this is all based on ARIN assignments, etc.

-John


On Fri, 4 Aug 2006, TuskenTower wrote:

On 8/4/06, Art Alexion <art.alexion@verizon.net> wrote:
I have been getting a lot of spam lately that is very clever at evading
filters.  The message text is random, so spamassassin and bogofilter can't
see a pattern.  The actual spam solicitation is contained in a floating
graphic -- touting the same stock, but binarily (?) different.

I figured the best way to filter it is to find out what is common and create a
manual filter to catch it.


diff came to mind as to how to find differences in the messages, but is there
a corollary command for detecting common lines?



Art, Check out this Mac Mail.app specific article http://www.hawkwings.net/2006/08/01/mailapp-rule-fix-for-image-spam . The key part is that most of these graphic spam emails contain a "Content-Type" header with a value of "multipart/related".

HTH
Amul
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
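
The structure discussed in this thread (an image carried as its own MIME part and referenced from the HTML part of a "multipart/related" message) can be checked structurally instead of by content. The following is an added example, not code from the thread; the sample message, its addresses and the function name image_spam_traits are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample (not from the thread): filler text plus an inline image part.
# The base64 payload is placeholder image bytes.
SAMPLE = """\
From: sender@example.com
To: user@example.org
Subject: hello
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><p>lorem random words</p><img src="cid:img001@example"></body></html>
--b1
Content-Type: image/gif
Content-Transfer-Encoding: base64
Content-ID: <img001@example>

R0lGODlhAQABAIAAAAAAAP///ywAAAAAAQABAAACAUwAOw==
--b1--
"""

# Matches src="cid:..." references inside the HTML part.
CID_REF = re.compile(r'src\s*=\s*["\']?cid:([^"\'\s>]+)', re.I)

def image_spam_traits(raw):
    """Report the structural traits of one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    refs, image_ids, image_bytes = set(), set(), 0
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            refs.update(CID_REF.findall(part.get_content()))
        elif part.get_content_maintype() == "image":
            cid = str(part.get("Content-ID", "")).strip().strip("<>")
            if cid:
                image_ids.add(cid)
            image_bytes += len(part.get_payload(decode=True) or b"")
    return {
        "multipart_related": msg.get_content_type() == "multipart/related",
        # Images that are both embedded and displayed by the HTML part.
        "embedded_images_referenced": sorted(refs & image_ids),
        "image_bytes": image_bytes,   # decoded size of all image parts
        "total_bytes": len(raw),      # whole-message size, for size thresholds
    }
```

Legitimate HTML mail also uses multipart/related for logos and signatures, so these traits are better treated as inputs to a score than as a verdict on their own.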
