Spam in images

[Tom Anderson]

Eric Wood wrote:
> I use a more stupid approach and it catches a ton of image spam no matter 
> how much "ham" text them wrap around it:
> 
> :0 HB
> * < 100000
> * > 30000
> * src=3D\"cid:.*@.*\"
> {
>   :0 fwh
>   | formail -I"X-Loop: adult-trap GIFAD" -I "Subject: [GIFAD] $SUBJECT"
>   :0
>   ! spam at intgrp.com
> }

Clever, sure.  But like all static rules, it has some shortcomings. 
Your assumption that, "Legit corporate email grabs all the images from 
the web", is false.  I have received more and more email with inline 
pictures.  I have even recommended the technique to some clients.  The 
reason is because of privacy issues.  Many people turn off image loading 
as a security measure to prevent their email client from identifying 
them to a remote website and letting spammers know that they opened the 
email.  As a result, many legitimate emails are turned into a mangled 
imageless mess as well.  I usually advise sending multipart emails with 
both text and html portions, but some companies prefer only to create an 
html version and many customers don't set their email client to display 
text emails first... they set it to display html emails, but keep the 
images off.  So, the only recourse is for businesses to start including 
graphics in their emails if they hope to communicate their message 
before it gets deleted.  Thus, putting bounds on the size of the email 
or identifying inline images will become less and less effective as a 
spam prevention measure.

Anyway, I still don't see the problem with just training on these 
emails.  I have seen one or two of these get through in the past month 
or so, but as soon as I train on it, all future spams of a similar 
variety are filtered normally.  I don't see that this class of spams is 
particularly effective.  Nor do they warrant any special treatment. 
Just train on errors.

Tom