Inline image based spam
Tony L. Svanstrom
tony at moon.pp.se
Sat Oct 7 10:35:11 CEST 2006
On Fri, 6 Oct 2006 the voices made Chris Wilkes write:
CW> I believe the spam filtering software Vipul's razor worked by sending
CW> parts of an email's text to a server and it hands back a spam value for
CW> it. Maybe the same could by done with these inline images -- take the
CW> md5 hash of the base64 encoded image and query a central repository.
CW> Spammers would reuse their images and would eventually be caught via
CW> this method.
MD5 might be good enough initially, but in the long run you really need a more
fuzzy algorithm; and that takes some work to keep working...
The good news is that there are such services available already, and they've
been active for many years; although used as spamfighting-solutions it's really
all about figuring out the bulkiness-factor of an e-mail. Remember, the #1
reported e-mail to these services might, in theory, not be spam but some very
interesting and very much wanted (byt its subscribers) newsletter.
I'm thinking about DCC <URL: http://www.rhyolite.com/anti-spam/dcc/ >, but
others says Razor... the difference between them? I have no idea, as I haven't
used Razor (and don't see anything relevant on a simple "dcc or razor"-
googling).
You wouldn't filter directly based on these scores/headers, but it's yet
another token for bogofilter to care about; and I really think that that's the
way to go with bogofilter right now, adding more easily available information
which currently can't be found in e-mails.
I'll probably add as many new headers that I can think of the day ("any day
now"...) I get around to installing qpsmtpd <URL: http://smtpd.develooper.com/
>.
/Tony
--
/\___/\ /\___/\
\_@ @_/ \_@ @_/
.--oOO-(_)-OOo--------------------------------------oOO-(_)-OOo--.
| perl -e'print$_{$_} for sort%_=`lynx -dump svanstrom.org/t`' |
`---ôôô---ôôô----------------------------------------ôôô---ôôô---´
\O/ \O/ ©1998-2006 svanstrom.org \O/ \O/
More information about the Bogofilter
mailing list