[Cialug] SPAM question

Carl Olsen carl-olsen at mchsi.com
Wed Aug 2 06:42:17 CDT 2006



I tried several different spam solutions for my desktop and I finally ended
up using something called CURB (I think it is made by Computer Associates
who make e-trust).  All it does is go through your saved email and put all
those addresses on a white list.  Anything you don't have in your saved
email gets black listed.  Anytime you get an email, you can click a button
to add it to the black list, or you can go into the quarantine and click
anything to go on the white list.  After a while, you get fairly decent
results.  I've never found any spam software that works better, and this one
is very simple to understand.  It's very cheap and you never have to buy a
renewal.  All of the emails you are discussing end up in my quarantine,
because they come from people I've never added to my white list.

-----Original Message-----
From: cialug-bounces at cialug.org [mailto:cialug-bounces at cialug.org] On Behalf
Of Matt Patterson
Sent: Wednesday, August 02, 2006 12:20 AM
To: Central Iowa Linux Users Group
Subject: Re: [Cialug] SPAM question

You could just filter anything that contains a gif/jpg/png and put it into
a quarantine =) 

The image spam emails have been difficult to catch.  So far, only a few of
the Anti-Spam companies are bragging that they have this one beat.  And
based on the solutions that I have looked into that are floating around,
the spammers are still winning the war.

Basically, there are two types of these messages.  One will have a large
image with some sort of spam for stocks, pills or pr0n and then a bunch of
gibberish text that by itself is too random to filter on and will probably
result in false positives.  This is the kind that I believe you were
referring to in your email.

The second type of image spam looks like one big image.  And a couple of
months ago, it was.  Then people started implementing OCR methods for
grabbing the text out of the image and could create rules for them.  Well,
now the messages still look like one big image, but each is actually
broken into 3-12 smaller images.  *Most* mail clients will put the message
back together properly and everything looks spammy when you get it.  Very
annoying, but the spammers have beaten the OCR method.  I'm not a big fan of
the OCR method due to the amount of processing power needed to scan the
spam and still keep up with the standard mail flows.  

My original statement, while very sarcastic, isn't that far off from what
some people are doing.  If, for example, you have something along the lines
of the Hotmail whitelisting system where people in the address book are
whitelisted from certain scans, you could implement a filter where if the
message contains gif/jpg/png and the sender is not in the recipient's
address book, it is put into a quarantine.  Then if the message is a false
positive, add it to a global whitelist.  I'm guessing that won't fly for
most corporate users, but it could work for some.  

There are some other ideas that are out there, but I cannot freely discuss
them.  My company, for some crazy reason, would like to keep the
intellectual property rights to them.

-Matt
matt at mailfoundry.com
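
Added example, not part of either message and not code from CURB or MailFoundry: a sketch of the rule discussed in the thread, where an address book is seeded from saved mail and a message is quarantined only when it carries a gif/jpg/png part and its sender is unknown. All function names, addresses and the sample messages are constructed for illustration; harvesting From, To and Cc from saved mail is an assumption.

```python
from email import message_from_string
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

IMAGE_TYPES = {"image/gif", "image/jpeg", "image/png"}

def build_address_book(saved_messages):
    """Seed the per-user list from every From/To/Cc address in saved mail."""
    book = set()
    for raw in saved_messages:
        msg = message_from_string(raw)
        headers = [h for name in ("From", "To", "Cc") for h in msg.get_all(name, [])]
        book.update(addr.lower() for _, addr in getaddresses(headers) if addr)
    return book

def sender_of(raw):
    # The From header is supplied by the sender and can be forged, so this
    # rule only sorts mail; it does not authenticate anyone.
    return parseaddr(message_from_string(raw).get("From", ""))[1].lower()

def classify(raw, address_book, global_whitelist):
    """Quarantine only when an image part arrives from an unknown sender."""
    if sender_of(raw) in address_book | global_whitelist:
        return "deliver"
    msg = message_from_string(raw)
    has_image = any(p.get_content_type() in IMAGE_TYPES for p in msg.walk())
    return "quarantine" if has_image else "deliver"

def release_false_positive(raw, global_whitelist):
    """Reviewer released the message: trust this sender for everyone."""
    global_whitelist.add(sender_of(raw))

def sample_message(sender, with_image):
    """Constructed test mail; addresses and the 6-byte 'GIF' are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "me@example.net", "constructed sample"
    m.set_content("text body")
    if with_image:
        m.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="a.gif")
    return m.as_string()

if __name__ == "__main__":
    book = build_address_book([sample_message("Alice <alice@example.org>", False)])
    shared = set()
    spam = sample_message("stranger@example.com", True)
    print(classify(sample_message("alice@example.org", True), book, shared))  # deliver
    print(classify(spam, book, shared))                                       # quarantine
    release_false_positive(spam, shared)
    print(classify(spam, book, shared))                                       # deliver
```
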


