From reading the first few lines describing what postgrey does (reject
connections and hoping that spammers won't retry) then it sounds like a
doomed tactic since I've just read (on Security Fix? not sure) that
spammers
got over this silly hurdle and now will retry, causing even more
traffic for
sites which employ this method.
I can confirm that this happens, esp for the penny stocks spam with
.GIF, which is why I need to get FuzzyOcr working. :(
I for one wouldn't bother even bother FuzzyOcr.
It represents only an incremental step in the detection, and on the
spammers are pretty much able to beat already.
I'm already seeing animated image spam with increased levels of noise,
varying fonts and other tricks.
It's only a matter of time till the image spam is sophisticated enough
to existing OCR software, even fuzzy OCR, is going to start getting in
trouble.
Frankly, I think 90% of the anti-spam techniques I here about are pretty
horrendous.
They generally rely on the argument "Well the spammer don't $something,
so we use a method that stops anything that doesn't $something".
These methods all have a limited lifespan, because all that needs to
happen is that the spammers start doing $something, and the anti-spam is
defeated.
More people need to realise that spammers can program too, and aren't
stupid. (Not any more)
Adam K
P.S. That's not a dig at you Howard, more of a rant in general :)
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
