I have had good luck stopping a few spammers by looking at the image paths, alot of these clowns serve their images from comprimised (or open by default) servers. This is especially prevalent among the pornsters.
For example the same graphic based spam may have been sent from several sources with different image urls. http://10.10.10.1/mort/img/refin-01.jpg http://192.168.1.1/mort/img/refin-01.jpg Filter for /mort/img/refin-01.jpg and they are gone Keep a separate file for these types of tests becuase these are usually temporary, management will be much easier Have a great day! Rick Davidson Buckeye Internet Inc. www.buckeyeweb.com 440-953-1900 ext 222 - ----- Original Message ----- From: "Bill B." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, March 09, 2003 12:50 AM Subject: [Declude.JunkMail] spam w/ all images > Scott, > > How about adding a test for if the text/html segment of an email contains all <IMG> tags, with no actual text? Seems like that sort of spam is getting more prevelent lately. > > Bill > > --- > [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
