[Cialug] SPAM question

Matt Patterson matt at usrlocal.com
Wed Aug 2 00:19:34 CDT 2006


You could just filter anything that contains a gif/jpg/png and put it into
a quarantine =) 

The image spam emails have been difficult to catch.  So far, only a few of
the Anti-Spam companies are bragging that they have this one beat.  And
based on the solutions that I have looked into that are floating around,
the spammers are still winning the war.

Basically, there are two types of these messages.  One will have a large
image with some sort of spam for stocks, pills or pr0n and then a bunch of
gibberish text that by itself is too random to filter on and will probably
result in false positives.  This is the kind that I believe you were
referring to in your email.

The second type of image spam looks like one big image.  And a couple of
months ago, it was.  Then people started implementing OCR methods for
grabbing the text out of the image and could create rules for them.  Well,
now the message still looks like it is one big image, but it is actually
broken into 3-12 smaller images.  *Most* mail clients will put the message
back together properly and everything looks spammy when you get it.  Very
annoying, but the spammers have beaten the OCR method.  I'm not a big fan of
the OCR method due to the amount of processing power needed to scan the
spam and still keep up with the standard mail flows.  

My original statement, while very sarcastic, isn't that far off from what
some people are doing.  If, for example, you have something along the lines
of the Hotmail whitelisting system where people in the address book are
whitelisted from certain scans, you could implement a filter where if the
message contains gif/jpg/png and the sender is not in the recipient's
address book, put it into a quarantine.  Then if the message is a false
positive, add it to a global whitelist.  I'm guessing that won't fly for
most corporate users, but it could work for some.  

There are some other ideas that are out there, but I cannot freely discuss
them.  My company, for some crazy reason, would like to keep the
intellectual property rights to them.

-Matt
matt at mailfoundry.com


On Wed, 02 Aug 2006 02:27:04 -0000 (GMT), "Jerry Heiselman"
<jweida at gmail.com> wrote:
> I've been getting tons of them per day.  Luckily, with gmail, I can
> preview the first little bit of the message, so it's easily
> identifiable as Spam since the text is always gibberish.  You'd think
> that they would at least steal the text from current news articles or
> something to make it look more legit.
> 
> Anyway, the only way I could think of to have automated Spam filtering
> of this type of junk mail would be to have it grade the content of the
> email based on grammar rules and trigger if it fails in comparison to
> the ratio of text.
> 
> Unfortunately, I'm not smart enough to implement this sort of thing.   :(
> 
> --
> Jerry
> 
> On 8/1/06, Nathan C. Smith <smith at ipmvs.com> wrote:
> > That's the hot new thing in spam.  (hot spam?)
> >
> > > -----Original Message-----
> > > From: Tony Bibbs [mailto:tony at tonybibbs.com]
> > > Sent: Tuesday, August 01, 2006 8:47 AM
> > > To: Central Iowa Linux Users Group
> > > Subject: [Cialug] SPAM question
> > >
> > >
> > > I've been getting email like the one below getting through all my
> > > filters.  It won't show up in what I forwarded but they
> > > attach an image
> > > with the SPAM message then add all the text you see below to
> > > mess with
> > > the filters.
> > >
> > > Any good way to deal with these?  I'm getting a dozen or more per day.
> > >
> > > --Tony
> > >
> > > -------- Original Message --------
> > > Subject:      gallery Jared
> > > Date:         Tue, 1 Aug 2006 15:10:58 -0700
> > > From:         loose <wdtjgilcfav at compagnie.com>
> > > To:   tony at tonybibbs.com
> > >
> > >
> > >
> > > short no.The answer:Do
> > >
> > > moral... Moral
> > >
> > > page. added crisp cheque American types. Simple falling log
> > >
> > > sign. hsphere testme uid limit grace /hsphere days
> > >
> > > Dingo programs Support: OS/Mac PPC/Mac License: Shareware added: //
> > > Update: history Size:
> > >
> > > Affiliate Marketing blogged earlier blogging wink. published LinkShare
> > >
> > > games thing. ongoing without
> > >
> > > Often couple places most paste A:NET browsing hidden
> > >
> > > owners sucking brings crawl.The
> > >
> > > Helmet Logo Sleeve Long Womens Ties Academics Backpacks School
> > >
> > > More. options. Email: privacy policy revenews center authors
> > > advertise premium
> > >
> > > whats
> > >
> > > happened releases dataMike Hyland Warner Bros.
> > >
> > > Smith Institute
> > >
> > > html seconds caught deep hierarchy speaking visited competing
> > >
> > > Ive done month animate site TV
> > >
> > > speed. detection error. dead. death are:. old.. freaking
> > > old.Its drive. anymore. sunday
> > >
> > > Cool Curing Rants MISSION
> > >
> > > NDIS options
> > >
> > > Medium Large XL XXL
> > >
> > > ePOS Sequoia Retail Systems
> > >
> > > document Apache/.. Unix Server
> > >
> > > good homes suffer tragic several exciting facts
> > >
> > > When installed navigate Start gt Programs following screen:
> > > Network click button.
> > >
> > > gallery Jared Landine handsome
> > >
> > > down discharge functions includes
> > >
> > > Baskets iPod Students Faculty Computers Custom Laptops HP
> > > Dell Refund Used Warranty Returns
> > >
> > > Wayne Porter
> > >
> > > engine domain. given network. reports bottom
> > >
> > > locate created. Remove Locate Template Write. exit RawWrite
> > > example intel Here
> > >
> > > possible. Craps Short posts. writing
> > >
> > > down discharge functions includes Shutdown timer shows status
> > > shutdown timer.A Forced bring menu counter
> > >
> > > _______________________________________________
> > > Cialug mailing list
> > > Cialug at cialug.org
> > > http://cialug.org/mailman/listinfo/cialug
> > >
> 
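The address-book quarantine rule described in the reply above, sketched as an added example (not code from the thread or from any product mentioned in it). The function names, the in-memory address book and whitelist sets, and the sample messages are all constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

IMAGE_TYPES = {"image/gif", "image/jpeg", "image/png"}
IMAGE_EXTS = (".gif", ".jpg", ".jpeg", ".png")

def parse(raw):
    """Return (sender address, number of gif/jpg/png parts) for a raw message."""
    msg = message_from_string(raw)
    # From is supplied by the sender and unauthenticated; this sketch trusts it as-is.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    images = 0
    for part in msg.walk():  # walk() also reaches images nested in multipart/related
        name = (part.get_filename() or "").lower()
        if part.get_content_type() in IMAGE_TYPES or name.endswith(IMAGE_EXTS):
            images += 1
    return sender, images

def classify(raw, address_book, global_whitelist):
    """Quarantine image-bearing mail unless the sender is already known."""
    sender, images = parse(raw)
    if images == 0:
        return "deliver"  # no image: leave it to the other filters
    if sender in address_book or sender in global_whitelist:
        return "deliver"
    return "quarantine"

def release(raw, global_whitelist):
    """A reviewer marked the message a false positive: whitelist its sender globally."""
    sender, _ = parse(raw)
    if sender:
        global_whitelist.add(sender)
    return sender

def build_sample(sender, n_images):
    """Constructed test message: filler text plus n_images small GIF slices."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", "constructed sample"
    m.set_content("gibberish filler text")
    for i in range(n_images):
        m.add_attachment(b"GIF89a", maintype="image", subtype="gif",
                         filename=f"slice{i}.gif")
    return m.as_string()

if __name__ == "__main__":
    book, whitelist = {"friend@example.org"}, set()
    spam = build_sample("Loose <stranger@example.com>", 5)
    print(classify(spam, book, whitelist))
    release(spam, whitelist)
    print(classify(spam, book, whitelist))
```

Because the rule keys on the presence of any image part rather than on image content, slicing one picture into several smaller ones does not change the outcome.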




