I'm trying to do some stochastic analysis of stock spams and
figure out if there's a common fingerprint that can be used to
identify them...
Philip:
Have you looked at Dallas' ImageInfo.pm? See
http://www.rulesemporium.com/plugins.htm. It's a great place to start
building image rules. However, I think you are barking up the wrong tree.
The spams have been very effective at being randomized.
I will also say that the stock image spams have been very effective at
thwarting traditional anti-spam techniques. It's been an ebb and flow
battle for weeks (months?) with them. But I am happy to say that if you use
MIMEDefang, I've been VERY pleased with the results of the AOL-esque reverse
DNS test that I wrote a few weeks ago.
I'm continuing to tweak it but I just put the latest version up in
http://www.peregrinehw.com/downloads/MIMEDefang/mimedefang-filter-KAM. I
use this in conjunction with my ruleset which only SCORES the emails. I do
NOT use this technique to block email like AOL. This may change. The rules
are in http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
Good Luck!
Regards,
KAM
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
