[Mimedefang] LZW, Gifs, and fingerprinting stock spams

Kevin A. McGrail kmcgrail at pccc.com
Wed Nov 1 09:31:15 EST 2006


> I'm trying to do some stochastic analysis of stock spams and
> figure out if there's a common fingerprint that can be used to
> identify them...

Philip:

Have you looked at Dallas' ImageInfo.pm?  See 
http://www.rulesemporium.com/plugins.htm.  It's a great place to start 
building image rules.  However, I think you are barking up the wrong tree. 
The spams have been very effective at being randomized.

I will also say that the stock image spams have been very effective at 
thwarting traditional anti-spam techniques.  It's been an ebb and flow 
battle for weeks (months?) with them.  But I am happy to say that if you use 
MIMEDefang, I've been VERY pleased with the results of the AOL-esque reverse 
DNS test that I wrote a few weeks ago.

I'm continuing to tweak it but I just put the latest version up in 
http://www.peregrinehw.com/downloads/MIMEDefang/mimedefang-filter-KAM.  I 
use this in conjunction with my ruleset which only SCORES the emails.  I do 
NOT use this technique to block email like AOL.  This may change.  The rules 
are in http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf

Good Luck!

Regards,
KAM 



