> On Mon, Jul 31, 2006 at 01:57:52PM +0530, Ramprasad wrote: >> So if the spammer keeps generating different images for every spam mail >> then DCC RAZOR etc would be useless right ? > > An image is just content - much like text or HTML. How useful > DCC/RAZOR/etc. would be depends highly on how they are used and > on how sophisticated the spammer is. What I suggested is not the > end-it-all solution for spam detection but another tool to add to > the spamassassin toolbox. > > Also, generating new images potentially is computationally expensive > enough that most spammers wouldn't try it. > > Over 50% of my false negatives this week would have been properly > identified by IDing the image. YMMV. > > Tim >
A few months ago I played around with a plugin that computed MD5 hashes from images contained in a mail and compared that sum to a RBL-like DNS-based database maintained by Will Stearns. Results were somewhat disappointing. If Will still feeds the zone I can post the code somewhere Another idea was to check the images for correctness. Some spammers seem to use slightly modified copies of a master image. These copies are displayed correctly by the usual MUAs but they do contain errors that show up when using Image::Info or something. Dirk
