----- Original Message -----
From: "David F. Skoll" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, April 20, 2006 8:02 AM
Subject: Re: [Mimedefang] Image blocking idea
[EMAIL PROTECTED] wrote:
Here's an idea for blocking image spam: What about taking the idea of
SURBL and DNSRBls and extending it to images. My proposal is to hash the
image and do a DNS query using the hash value and domain hosting the
image
RBL.
This is a good idea until spammers start mutating their images.
They already ARE altering the images to do hashbusting. If you look at the
stock scam images (which are very prolific), you'll see "random" noise in
the image background ... just a few pixels here and there that are a
slightly different color than the background.
I tried generating SHA1 hashes on a day's worth of incoming inline images
and only got a few duplicate hashes -- most of which were for legitimate
messages.
It might be more profitable to ban inline images from sites on select
DNSBLs. I haven't investigated the false positive rate on this idea yet, so
take this idea with the appropriate dose of salt.
Chris Myers
Networks By Design
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
