Why doesn't DCC help against image spam?
Matt Kettler
mkettler at evi-inc.com
Tue Dec 26 17:56:02 CET 2006
Remco Barendse wrote:
> Now that ORDB is down my mailscanner is not filtering any spam anymore,
> I might as well disable it.
>
> But out of curiosity, why doesn't DCC work for the image spam?
>
> A checksum should be reasonably effective against the image spam I
> think? Assuming that they are not dynamically building each picture a
> bit differently for each e-mail that is sent?

They are dynamically building a different image for each email. Behold the power
of botnets. A typical infected home-user PC has by far more spare CPU time than
it does upstream bandwidth.

As best I can tell, the original message is sent to the clients in HTML or some
other marked-up text format. The clients then render it, and at least the
following things can be randomized per-message:

    Font size
    Word-wrap boundary
    Exact shade for various text colors (slightly darker or lighter than called for)
    "stipple dots"
    stipple blotches (with option to force them only to the edges of the image)
    small vertical offsets per-character (creates the "wavy line" text)
    geometric shapes laid over background.
    stripes laid over the background

The last 3 are primarily used as anti-OCR features, but they also add randomness.
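
An added example, not part of the original post: it shows why an exact-match checksum misses two variants of one image that differ only in shade and stipple dots, while a coarse per-cell brightness signature still matches them. The image, the function names and the use of SHA-256 are assumptions made for illustration (this is not DCC's algorithm), and the signature does not address the font-size or word-wrap changes, which move the text itself.

```python
import hashlib
import random

W, H, CELL = 64, 32, 8  # constructed 64x32 grayscale image, 8x8 signature cells

def base_image():
    """Constructed stand-in for rendered text: two dark bars on a light background."""
    img = [[230] * W for _ in range(H)]
    for y in list(range(8, 13)) + list(range(18, 23)):
        for x in range(8, 56):
            img[y][x] = 30
    return img

def randomize(img, seed, dots=30):
    """Per-message variation from the list above: shade jitter and stipple dots."""
    rng = random.Random(seed)
    shift = rng.randint(-6, 6)
    out = [[min(255, max(0, p + shift)) for p in row] for row in img]
    for _ in range(dots):
        out[rng.randrange(H)][rng.randrange(W)] = rng.randrange(256)
    return out

def exact_checksum(img):
    """Exact-match checksum over the raw pixels (SHA-256 as a stand-in)."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def coarse_signature(img):
    """One bit per cell: is the cell's mean brightness above the image-wide mean?"""
    means = []
    for cy in range(0, H, CELL):
        for cx in range(0, W, CELL):
            cell = [img[y][x] for y in range(cy, cy + CELL) for x in range(cx, cx + CELL)]
            means.append(sum(cell) / len(cell))
    avg = sum(means) / len(means)
    return tuple(m > avg for m in means)

def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def compare(seed_a, seed_b):
    """Return (exact checksums equal?, signature bits that differ) for two variants."""
    a, b = randomize(base_image(), seed_a), randomize(base_image(), seed_b)
    return exact_checksum(a) == exact_checksum(b), hamming(coarse_signature(a), coarse_signature(b))

if __name__ == "__main__":
    print(compare(1, 2))
```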