I doubt it will become cost effective for main stream spammers to send such large messages in the near future. Spammers return on a million messages is usually fairly infinitesimal and the cost of sending a million 1MB messages using hijacked home machines or unmonitored colo sites is just too high.
And what would make a 1MB message more attractive to the spammers "gullible" target market than a 1K message? Other than the fact that it made it through all of our spam filters...
If there is some realization in bandwidth soon and it does become feasible, I think these spammers will make it onto blacklists faster than anyone else due to the inadvertent denial of service attacks they will likely cause.
-----Original Message-----
From: Kelson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 01, 2004 7:37 PM
To: users@spamassassin.apache.org
Subject: 1-Megabyte Spam
It had to happen, I suppose. This morning I received a 996 KB message advertising, as near as I can tell, some Taiwanese take-out restaurant.
And by Taiwanese, I don't mean style of cooking, but *location*.
(Yeah, next time I go to lunch I'm definitely going to hop on a plane, fly halfway around the world, and eat at this place that spammed me in a language I can't read.)
The message consisted of a small HTML component and a gigantic JPEG image. Had it been smaller, it would have easily scored 15 points even before Bayes training (as spamsassassin -t demonstrated), but we don't run anything through SA larger than 256 KB (as is usually recommended).
I've blacklisted the IP, but it looks like a throwaway.
So I'm wondering - any ideas on dealing with giant-attachment spam?
I don't suppose there are enough efficiency gains in 3.0 to safely raise the size limit?
--
Kelson Vibber
SpeedGate Communications <www.speed.net>
