On Wed, 27 Jun 2007, Wael Shahin wrote:

> I have two servers one is running DCC and one is not, the one that is
> running DCC didn't pass the message or maybe I am mistaken but it didn't
> go through (Maybe didn't get there at all from the first place).
> On the other server that is not running DCC the email went through and
> it was an empty email body with a PDF attachment

No wonder I think. DCC will notice/flag spam 'already seen elsewhere'.
AND that may be the only way to decide whether the pdf(s) are junk
or real information.  So Spamtraps or honeypots may be the first choice.

The last 'try' of the spammers was to put the pictures into Word-docs
or powerpoint docs, so I assume they just go through every format
of 'embeddable attachment' for which a 'plugin or viewer' exists
and which is automagically opening in mailbrowsers (which must be
carelessly configured to show the picture, but which is default).

So in the long run we need a generic way to mime-strip contents
of attachments (like virus-filters do it!) and recursively feed
all parts of the mail into scanners for spam (either text or
picture scanner).

If there is a simple way to program signatures for virus-checkers
it might be possible to catch specific pictures therewith.

Alternatively you could forbid such attachments completely, but
that has no chance in a university environment like I'm in.

We got two 'waves' of pdf's here.

The first wave was stopped here by noticing that the spammers
did program the spambots with a repeated pattern of filenames,
but they noticed and the second wave is only random nonsense
plus the pdf.  But every 'normal' user would never open a pdf
out of a mail of nonsense, so they reach only a small fraction
which might not be useful for pushing stocks.

So I hope that 'fad' might die out soon, like the other waves of
doubly-packed pictures in rtf, word, powerpoint did.

Stucki

-- 
Christoph von Stuckrad      * * |nickname |<[EMAIL PROTECTED]>   \
Freie Universitaet Berlin   |/_*|'stucki' |Tel(days):+49 30 838-75 459|
Mathematik & Informatik EDV |\ *|if online|Tel(else):+49 30 77 39 6600|
Takustr. 9 / 14195 Berlin   * * |on IRCnet|Fax(alle):+49 30 838-75 454/
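
Added example, not part of the original message: a minimal sketch of the recursive MIME-stripping idea discussed above, using Python's standard email package to reach every leaf part (including a PDF nested inside a forwarded message) and checksum each attachment. The exact SHA-256 set is only a stand-in for an 'already seen elsewhere' store and is not how DCC computes its checksums; the sample mail, its filename and all function names are constructed for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed sample bytes; not a real PDF document.
SAMPLE_PDF = b"%PDF-1.4\n% constructed sample attachment\n"

def build_sample() -> bytes:
    """Constructed mail: empty body, PDF hidden inside a forwarded message."""
    inner = EmailMessage()
    inner["Subject"] = "constructed inner message"
    inner.set_content("\n")
    inner.add_attachment(SAMPLE_PDF, maintype="application",
                         subtype="pdf", filename="xkqzj.pdf")
    outer = EmailMessage()
    outer["Subject"] = "constructed outer message"
    outer.set_content("\n")
    outer.add_attachment(inner)  # becomes a message/rfc822 part
    return outer.as_bytes()

def leaf_parts(msg):
    """Yield (content_type, filename, decoded_bytes) for each non-container part."""
    # walk() descends through multipart/* and message/rfc822 containers.
    for part in msg.walk():
        if not part.is_multipart():
            yield (part.get_content_type(), part.get_filename(),
                   part.get_payload(decode=True) or b"")

def scan(raw: bytes, seen_digests: set) -> dict:
    """Strip the MIME structure and hand every leaf to a checker."""
    msg = message_from_bytes(raw, policy=policy.default)
    text_len, attachments = 0, []
    for ctype, name, data in leaf_parts(msg):
        if ctype.startswith("text/") and name is None:
            text_len += len(data.strip())   # would go to the text scanner
            continue
        digest = hashlib.sha256(data).hexdigest()
        attachments.append({"type": ctype, "name": name, "sha256": digest,
                            "seen_elsewhere": digest in seen_digests})
        seen_digests.add(digest)            # stand-in for a shared checksum store
    return {"empty_body": text_len == 0, "attachments": attachments}

if __name__ == "__main__":
    seen = set()
    print(scan(build_sample(), seen))
    print(scan(build_sample(), seen)["attachments"][0]["seen_elsewhere"])
```

An exact hash only matches byte-identical attachments, so it illustrates the plumbing rather than a scanner that survives per-message randomisation of the PDF.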
