RE: [Declude.JunkMail] spam w/ all images
Hi Bill, If the email contains only images and no text the images are linked to external sources (http://www.domain.com/image.g_i_f ) SPAMCHK gives a certain weight if there are external images. We've tried to filter mails containing ONLY images (after removing all HTML there should not remain any character) We've found 1 or 2 of 1. Most of the only-image-spams has a short text at the end if y_ou do not w_ant... The question is how to distinguish this spam from emails like: Hi Bill, her you can see the pictures from our family last week on xyz national park ... [pic1] [pic2] ... Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill B. Sent: Sunday, March 09, 2003 6:51 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] spam w/ all images Scott, How about adding a test for if the text/html segment of an email contains all IMG tags, with no actual text? Seems like that sort of spam is getting more prevelent lately. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] spam w/ all images
I haven't tried SPAMCHK yet, but I've heard you guys talking about it on the list. Maybe I'll give it a try. Thanks -Original Message- From: Markus Gufler Sent: Mon, 10 Mar 2003 09:40:55 +0100 Subject: RE: [Declude.JunkMail] spam w/ all images Hi Bill, If the email contains only images and no text the images are linked to external sources (http://www.domain.com/image.g_i_f ) SPAMCHK gives a certain weight if there are external images. We've tried to filter mails containing ONLY images (after removing all HTML there should not remain any character) We've found 1 or 2 of 1. Most of the only-image-spams has a short text at the end if y_ou do not w_ant... The question is how to distinguish this spam from emails like: Hi Bill, her you can see the pictures from our family last week on xyz national park ... [pic1] [pic2] ... Markus -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bill B. Sent: Sunday, March 09, 2003 6:51 AM To: [EMAIL PROTECTED] Subject: [Declude.JunkMail] spam w/ all images Scott, How about adding a test for if the text/html segment of an email contains all IMG tags, with no actual text? Seems like that sort of spam is getting more prevelent lately. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] spam w/ all images
I have had good luck stopping a few spammers by looking at the image paths, alot of these clowns serve their images from comprimised (or open by default) servers. This is especially prevalent among the pornsters. For example the same graphic based spam may have been sent from several sources with different image urls. http://10.10.10.1/mort/img/refin-01.jpg http://192.168.1.1/mort/img/refin-01.jpg Filter for /mort/img/refin-01.jpg and they are gone Keep a separate file for these types of tests becuase these are usually temporary, management will be much easier Have a great day! Rick Davidson Buckeye Internet Inc. www.buckeyeweb.com 440-953-1900 ext 222 - - Original Message - From: Bill B. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 09, 2003 12:50 AM Subject: [Declude.JunkMail] spam w/ all images Scott, How about adding a test for if the text/html segment of an email contains all IMG tags, with no actual text? Seems like that sort of spam is getting more prevelent lately. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] spam w/ all images
Rick, Would you mind posting a copy of this file? Thanks much! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rick Davidson Sent: Monday, March 10, 2003 12:18 To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] spam w/ all images I have had good luck stopping a few spammers by looking at the image paths, alot of these clowns serve their images from comprimised (or open by default) servers. This is especially prevalent among the pornsters. For example the same graphic based spam may have been sent from several sources with different image urls. http://10.10.10.1/mort/img/refin-01.jpg http://192.168.1.1/mort/img/refin-01.jpg Filter for /mort/img/refin-01.jpg and they are gone Keep a separate file for these types of tests becuase these are usually temporary, management will be much easier Have a great day! Rick Davidson Buckeye Internet Inc. www.buckeyeweb.com 440-953-1900 ext 222 - - Original Message - From: Bill B. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 09, 2003 12:50 AM Subject: [Declude.JunkMail] spam w/ all images Scott, How about adding a test for if the text/html segment of an email contains all IMG tags, with no actual text? Seems like that sort of spam is getting more prevelent lately. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] spam w/ all images
How about adding a test for if the text/html segment of an email contains all IMG tags, with no actual text? Seems like that sort of spam is getting more prevelent lately. We are looking at the possibility of (optionally) parsing HTML segments, which might end up allowing for this somehow (by checking for a message body that was blank except for spaces/linefeeds). -Scott --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.JunkMail. The archives can be found at http://www.mail-archive.com.
