Re: [PLUG] Graphic spam

Art Alexion on 5 Aug 2006 13:16:54 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Graphic spam

From: Art Alexion <art.alexion@verizon.net>

To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Subject: Re: [PLUG] Graphic spam

Date: Sat, 5 Aug 2006 09:16:06 -0400

Reply-to: art.alexion@verizon.net, Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>

Sender: plug-bounces@lists.phillylinux.org

User-agent: KMail/1.9.1

On Friday 04 August 2006 15:48, TuskenTower wrote: > On 8/4/06, Art Alexion <art.alexion@verizon.net> wrote: > > I have been getting a lot of spam lately that is very clever at evading > > filters. The message text is random, so spamassassin and bogofilter > > can't see a pattern. The actual spam solicitation is contained in a > > floating graphic -- touting the same stock, but binarily (?) different. > > > > I figured the best way to filter it is to find out what is common and > > create a manual filter to catch it. > > > > diff came to mind as to how to find differences in the messages, but is > > there a corollary command for detecting common lines? > > Art, > Check out this Mac Mail.app specific article > http://www.hawkwings.net/2006/08/01/mailapp-rule-fix-for-image-spam . > The key part is that most of these graphic spam emails contain a > "Content-Type" header with a vlaue of "multipart/related". That seems to do it except that one of the mac mail tests is "sender is not a previous recipient" using kmail. This is supposed to minimize false positives because the <From> header is always unique. Thanks for the tip. For now, I've defined a filter that uses the tests <any header> contains multipart/related and <From> is not in my address book and that seems to be working. I have the filter flagging the emails and sending them to a Junk folder. I'll watch the flags for false positives. Thanks again. -- _____________________________________________________________ Art Alexion Arthur S. Alexion LLC PGP fingerprint: 52A4 B10C AA73 096F A661 92D2 3B65 8EAC ACC5 BA7A The attachment - signature.asc - is my electronic signature; no need for alarm. Info @ http://mysite.verizon.net/art.alexion/encryption/signature.asc.what.html _____________________________________________________________
Attachment: pgpTdp4qIcPp7.pgp
Description: PGP signature

___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:

Re: [PLUG] Graphic spam
From: Art Alexion <art.alexion@verizon.net>

References:

[PLUG] Graphic spam
From: Art Alexion <art.alexion@verizon.net>

Re: [PLUG] Graphic spam
From: TuskenTower <tuskentower@gmail.com>

Prev by Date: [PLUG] [marsee@oreilly.com: Newsletter from O'Reilly UG Program, August 4]

Next by Date: [PLUG] [Fwd: Get plugged into the civilrights.org network, Stewart!]

Previous by thread: Re: [PLUG] Graphic spam

Next by thread: Re: [PLUG] Graphic spam

Index(es):

Date

Thread