[Mimedefang] LZW, Gifs, and fingerprinting stock spams
Kevin A. McGrail
kmcgrail at pccc.com
Wed Nov 1 09:31:15 EST 2006
> I'm trying to do some stochastic analysis of stock spams and
> figure out if there's a common fingerprint that can be used to
> identify them...
Philip:
Have you looked at Dallas' ImageInfo.pm? See
http://www.rulesemporium.com/plugins.htm. It's a great place to start
building image rules. However, I think you are barking up the wrong tree.
The spams have been very effective at being randomized.
I will also say that the stock image spams have been very effective at
thwarting traditional anti-spam techniques. It's been an ebb and flow
battle for weeks (months?) with them. But I am happy to say that if you use
MIMEDefang, I've been VERY pleased with the results of the AOL-esque reverse
DNS test that I wrote a few weeks ago.
I'm continuing to tweak it but I just put the latest version up in
http://www.peregrinehw.com/downloads/MIMEDefang/mimedefang-filter-KAM. I
use this in conjunction with my ruleset which only SCORES the emails. I do
NOT use this technique to block email like AOL. This may change. The rules
are in http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
Good Luck!
Regards,
KAM
More information about the MIMEDefang
mailing list