Maybe another possibility is to limit what accounts get images. I've been thinking about this, in relation to clients wanting their email address on their webpages (uurrgghh). If there is a [EMAIL PROTECTED] or abuse@ postmaster@ webmaster@ (etc...), would it be worth it to deny connections, stating a "Please see www.mydomain.com/emailRules.html" in the response? As some small places have info and webmaster directed to their real email address.
This seems more cost effective for the server (although, you have to wait till the first image...), but the user will see less email.

As I say, just thinking out loud... Perhaps it's wrong to do this for images, but might be good for attachments... "Error: Email to webmaster must not contain attachments". Not sure if it's worth making another list of "users that should not get attachments". If the user needs a file, they would respond using their real email address, so it's not a complete loss for website updates, say.

With all the talk of images I've added a sub to filter that logs images:

    # Log each part whose filename has an image extension
    $res = filter_filename_image($entity);
    if ($res) {
        md_graphdefang_log('incoming_image', $fname, $type);
    }

Where filter_filename_image is just like filter_bad_filenames but with:

    $bad_exts = '(bmp|dib|emf|gif|ico|jfif|jpe|jpeg|jpg|png|rle|tif|tiff|wmf)';

I think I was trying to prevent the wmf XP issue back in December, and took all images out with a "Sorry: images not permitted at this time". But I never checked my logs, and the problem went away. But now I can see what percentage of emails have images, to see if it's worth processing them. Today alone I've seen 157 out of about 750 (kinda wrong, as an email could have had 2 images in it... I only just thought about that).

On a different note concerning images, what about an email filter logging the possibility of the images containing hidden data (i.e. steganography test). Maybe it's a bit overboard, but that harmless image of the birthday party at the office could contain hidden info about the current secret project. Okay, a little far-fetched, and paranoid. But I'd be curious if the detection tools would log anything (other than false positives).

Although, couldn't the statistical testing of an image show a difference between a photograph, and a spam message? I don't know how, not into image manipulation.
Wouldn't the same picture, but with a different size/name/extension in multiple emails result in roughly the same high/mid/low tones? Or the same red channel distribution (again, I don't know enough about images). Suppose this could also be an issue with storing, and looking at email images, which might complicate the testing.

And (this'll be the last thought, honest ;-), I just got an auto response back from an abuse system (bank phishing scam report) that I forwarded the email to containing an embedded html image. The response has the same email, except it put: "(Embedded image moved to file: pic14474.jpg)" and sent it as an attachment. And the email contains [IMAGE] where the image was... Could this be a way to prevent the image tracking bots to those users who insist that html email is always shown in Outlook?

Thoughts?

Best Regards
Paul

On Thu, Apr 20, 2006 at 10:58:12AM -0400, David F. Skoll wrote:
> Kenneth Porter wrote:
>
> > I'm beginning to favor the idea of challenge/response systems, but only
> > for "rich" content (ie. anything not pure text/plain).
>
> Intriguing... I normally hate C/R systems, but that might be a good idea.
> Anything to make it more of a hassle to send non-plain-text e-mail is
> a good idea, IMO.
>
> Regards,
>
> David.
> _______________________________________________
> NOTE: If there is a disclaimer or other legal boilerplate in the above
> message, it is NULL AND VOID. You may ignore it.
>
> Visit http://www.mimedefang.org and http://www.roaringpenguin.com
> MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

--
Paul Whittney ArriveTech, Inc.
Network Specialist / Systems Engineer    / |3823 W 12th St, Suite A
                                         /--|Erie, PA, 16505, USA
PWhittney [at] arrivetech.com (Main)     / |www.arrivetech.com
PWhittney [at] net.arrivetech.com (Aux)  / |Tel: 814 868 3306
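
Added example (not part of the original message and not MIMEDefang filter code): the "157 out of about 750" figure above counts image parts, so a message with two images is counted twice. This Python sketch tallies image parts and messages-with-images separately, using the extension list from the post; the case-insensitive match, the trailing-dot pattern, the function names and the sample messages are assumptions of the example.

```python
import re
from email import message_from_string
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# Extension list copied from the post's $bad_exts; the surrounding
# pattern (leading dot, optional trailing dots, ignore case) is assumed.
IMAGE_EXT = re.compile(
    r"\.(bmp|dib|emf|gif|ico|jfif|jpe|jpeg|jpg|png|rle|tif|tiff|wmf)\.*$",
    re.IGNORECASE)

def image_parts(msg):
    """Return the filenames of all MIME parts named like an image."""
    names = []
    for part in msg.walk():
        fname = part.get_filename()  # Content-Disposition, then Content-Type name
        if fname and IMAGE_EXT.search(fname):
            names.append(fname)
    return names

def tally(messages):
    """Count image parts and messages carrying at least one image."""
    parts = with_images = 0
    for msg in messages:
        n = len(image_parts(msg))
        parts += n              # what a per-part log line measures
        with_images += 1 if n else 0  # what "percentage of emails" needs
    return {"messages": len(messages), "image_parts": parts,
            "messages_with_images": with_images}

def build(filenames):
    """Constructed sample message with one dummy image part per filename."""
    msg = MIMEMultipart()
    msg.attach(MIMEText("hello", "plain"))
    for name in filenames:
        img = MIMEImage(b"GIF89a", _subtype="gif")
        img.add_header("Content-Disposition", "attachment", filename=name)
        msg.attach(img)
    return message_from_string(msg.as_string())

# Constructed sample: four messages, one of which carries two images.
SAMPLE = [build([]), build(["party.JPG", "logo.gif"]),
          build(["pic14474.jpg"]), build([])]

if __name__ == "__main__":
    print(tally(SAMPLE))
```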