Image only spam

Rob Hard2Hold at
Tue Sep 7 14:19:10 IST 2004

I am starting to get flooded with image only spam.  Subject reads RE:
and a number.

I read through the archive, and added some ideas in there to try and
prevent them from coming through:

FEATURE(`dnsbl', `', `"550 Mail from "
$`'&{client_addr} " refused - see"')dnl
FEATURE(`dnsbl', `', `"550 Mail from " $`'&{client_addr}
" refused - see"')dnl

Also added this:

# HTML_IMAGE_AREA - lots of image area (absolute)
body HTML_IMAGE_AREA_04  eval:html_range('image_area','400000','500000')
body HTML_IMAGE_AREA_05  eval:html_range('image_area','500000','600000')
body HTML_IMAGE_AREA_06  eval:html_range('image_area','600000','700000')
body HTML_IMAGE_AREA_07  eval:html_range('image_area','700000','800000')
body HTML_IMAGE_AREA_08  eval:html_range('image_area','800000','900000')
body HTML_IMAGE_AREA_09  eval:html_range('image_area','900000')
describe HTML_IMAGE_AREA_04     HTML has 4-5 kilopixels of images
describe HTML_IMAGE_AREA_05     HTML has 5-6 kilopixels of images
describe HTML_IMAGE_AREA_06     HTML has 6-7 kilopixels of images
describe HTML_IMAGE_AREA_07     HTML has 7-8 kilopixels of images
describe HTML_IMAGE_AREA_08     HTML has 8-9 kilopixels of images
describe HTML_IMAGE_AREA_09     HTML has over 9 kilopixels of images
# HTML_IMAGE_ONLY - not much text with images (absolute)
body HTML_IMAGE_ONLY_02         eval:html_image_only('0000','0200')
body HTML_IMAGE_ONLY_04         eval:html_image_only('0200','0400')
body HTML_IMAGE_ONLY_06         eval:html_image_only('0400','0600')
body HTML_IMAGE_ONLY_08         eval:html_image_only('0600','0800')
body HTML_IMAGE_ONLY_10         eval:html_image_only('0800','1000')
body HTML_IMAGE_ONLY_12         eval:html_image_only('1000','1200')
describe HTML_IMAGE_ONLY_02     HTML: images with 0-200 bytes of words
describe HTML_IMAGE_ONLY_04     HTML: images with 200-400 bytes of words
describe HTML_IMAGE_ONLY_06     HTML: images with 400-600 bytes of words
describe HTML_IMAGE_ONLY_08     HTML: images with 600-800 bytes of words
describe HTML_IMAGE_ONLY_10     HTML: images with 800-1000 bytes of words
describe HTML_IMAGE_ONLY_12     HTML: images with 1000-1200 bytes of words
# HTML_IMAGE_RATIO - more image area than text (ratio)
body HTML_IMAGE_RATIO_02        eval:html_image_ratio('0.000','0.002')
body HTML_IMAGE_RATIO_04        eval:html_image_ratio('0.002','0.004')
body HTML_IMAGE_RATIO_06        eval:html_image_ratio('0.004','0.006')
body HTML_IMAGE_RATIO_08        eval:html_image_ratio('0.006','0.008')
body HTML_IMAGE_RATIO_10        eval:html_image_ratio('0.008','0.010')
body HTML_IMAGE_RATIO_12        eval:html_image_ratio('0.010','0.012')
body HTML_IMAGE_RATIO_14        eval:html_image_ratio('0.012','0.014')
describe HTML_IMAGE_RATIO_02  HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_04  HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_06  HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_08  HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_10  HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_12  HTML has a low ratio of text to image area
describe HTML_IMAGE_RATIO_14  HTML has a low ratio of text to image area

score HTML_IMAGE_AREA_05 0.283 1.342 1.122 2.199
score HTML_IMAGE_AREA_07 1.615 1.681 1.997 1.022
score HTML_IMAGE_ONLY_02 2.751 2.244 1.472 1.230
score HTML_IMAGE_ONLY_04 1.898 1.527 1.136 1.001
score HTML_IMAGE_ONLY_06 1.531 1.709 0.527 1.439
score HTML_IMAGE_ONLY_08 0.525 0.837 1.472 1.439
score HTML_IMAGE_ONLY_10 0.615 1.138 0.431 0.019
score HTML_IMAGE_ONLY_12 0.787 1.012 0.483 0
score HTML_IMAGE_RATIO_04 0.821 0.892 0.667 1.050
score HTML_IMAGE_RATIO_06 0.935 0.317 0.649 0
score HTML_IMAGE_RATIO_08 0.605 0.408 0.413 0.359
score HTML_IMAGE_RATIO_10 0.535 0.488 0.619 0.315
score HTML_IMAGE_RATIO_12 0.324 0 0 0
score HTML_IMAGE_RATIO_14 0 0.276 0 0
score HTML_IMAGE_AREA_04 0
score HTML_IMAGE_AREA_09 0
score HTML_IMAGE_AREA_08 0
score HTML_IMAGE_AREA_06 0

But they are still getting through.

I have spamassassin 2.63 and the latest MailScanner running.  Also
running bayes db.

Is anyone else getting these and have a better resolution to stopping these?

Thanks in advance


------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ ( and
the archives (

More information about the MailScanner mailing list