[Mimedefang] Image blocking idea

Chris Myers chris at by-design.net
Thu Apr 20 09:37:51 EDT 2006


----- Original Message ----- 
From: "David F. Skoll" <dfs at roaringpenguin.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Thursday, April 20, 2006 8:02 AM
Subject: Re: [Mimedefang] Image blocking idea


> WBrown at e1b.org wrote:
>
>> Here's an idea for blocking image spam:  What about taking the idea of
>> SURBL and DNSRBls and extending it to images.  My proposal is to hash the
>> image and do a DNS query using the hash value and domain hosting the 
>> image
>> RBL.
>
> This is a good idea until spammers start mutating their images.

They already ARE altering the images to do hashbusting.  If you look at the 
stock scam images (which are very prolific), you'll see "random" noise in 
the image background ... just a few pixels here and there that are a 
slightly different color than the background.

I tried generating SHA1 hashes on a day's worth of incoming inline images 
and only got a few duplicate hashes -- most of which were for legitimate 
messages.

It might be more profitable to ban inline images from sites on select 
DNSBLs.  I haven't investigated the false positive rate on this idea yet, so 
take this idea with the appropriate dose of salt.

Chris Myers
Networks By Design




More information about the MIMEDefang mailing list