[Mimedefang] Image blocking idea
Chris Myers
chris at by-design.net
Thu Apr 20 09:37:51 EDT 2006
----- Original Message -----
From: "David F. Skoll" <dfs at roaringpenguin.com>
To: <mimedefang at lists.roaringpenguin.com>
Sent: Thursday, April 20, 2006 8:02 AM
Subject: Re: [Mimedefang] Image blocking idea
> WBrown at e1b.org wrote:
>
>> Here's an idea for blocking image spam: What about taking the idea of
>> SURBL and DNSRBls and extending it to images. My proposal is to hash the
>> image and do a DNS query using the hash value and domain hosting the
>> image
>> RBL.
>
> This is a good idea until spammers start mutating their images.
They already ARE altering the images to do hashbusting. If you look at the
stock scam images (which are very prolific), you'll see "random" noise in
the image background ... just a few pixels here and there that are a
slightly different color than the background.
I tried generating SHA1 hashes on a day's worth of incoming inline images
and only got a few duplicate hashes -- most of which were for legitimate
messages.
It might be more profitable to ban inline images from sites on select
DNSBLs. I haven't investigated the false positive rate on this idea yet, so
take this idea with the appropriate dose of salt.
Chris Myers
Networks By Design
More information about the MIMEDefang
mailing list