From: <[EMAIL PROTECTED]>
> On Mon, Jul 31, 2006 at 01:57:52PM +0530, Ramprasad wrote:
>> So if the spammer keeps generating different images for every spam mail
>> then DCC RAZOR etc would be useless right ?
>
> An image is just content - much like text or HTML. How useful
> DCC/RAZOR/etc. would be depends highly on how they are used and
> on how sophisticated the spammer is. What I suggested is not the
> end-it-all solution for spam detection but another tool to add to
> the spamassassin toolbox.
>
> Also, generating new images potentially is computationally expensive
> enough that most spammers wouldn't try it.
>
> Over 50% of my false negatives this week would have been properly
> identified by IDing the image. YMMV.
>
> Tim
>
A few months ago I played around with a plugin that computed MD5 hashes
from images contained in a mail and compared that sum to a RBL-like
DNS-based database maintained by Will Stearns.
Results were somewhat disappointing. If Will still feeds the zone I can
post the code somewhere
Another idea was to check the images for correctness. Some spammers seem
to use slightly modified copies of a master image. These copies are
displayed correctly by the usual MUAs but they do contain errors that show
up when using Image::Info or something.
Dirk
Hi,
this should be possible to detect, but at least gif format can be modified easily
without
introducing errors: just play with unused colormap entries.
An algorithm that actually renders the image (eg converts it to pbm) before the
md5
would recognize images as the same while plain md5 will consider them different
Break the image into pieces. If too many pieces match on MD5 sum then
you score it higher than if lots of the image is different. But that
can get tedious to say the least.
{^_^}
