Why doesn't DCC help against image spam?
glenn.steen at gmail.com
Tue Dec 26 17:58:27 CET 2006
On 26/12/06, Scott Silva <ssilva at sgvwater.com> wrote:
> Remco Barendse spake the following on 12/24/2006 7:43 AM:
> > Now that ORDB is down my mailscanner is not filtering any spam anymore,
> > i might as well disable it.
> > But out of curiosity, why doesn't DCC work for the image spam?
> > A checksum should be reasonably effective against the image spam i
> > think? Assuming that they are not dynamically building each picture a
> > bit differently for each e-mail that is sent?
> But that could be what they are doing. Spammers are like cockroaches. They
> adapt very quickly, and after they mass-fire their crap, they change up a bit,
> and reload for the next salvo.
> It's war, and we are always on the defense.
Depressing but true... I think I'll have another Julsnaps... To
enliven my defenses... (If the snaps fails to do that.... well, at
least I'll be having more fun...:-)
Seriously though, I think the only real effective defenses (on my
sysytems at least) against image-based spam has been a combination of
the digests (yes, they do take _some_ of it), RFC "strictness" checks
(in PF) and ImageInfo (and some TVD rules picked up by an sa-update).
When these fail I'll be going for FuzzyOcr (have just tested this so
far, but ... it really needs muscle that the production boxes lack).
Or someone really clever will have found another method:-).
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner