Image spam woes
October 11, 2006 12:13 PM Subscribe
The amount of image spam I'm getting has snowballed in the past few months. What can I do?
By image spam, I mean where spammers send their text content as a GIF image and then put a paragraph of unrelated text, like the Gettysburg Address, in plain text, to fool Bayesian filters.
I use PocoMail and K9. K9's Bayesian filtering does not work, no matter how many hundreds of messages I train it on (and I'm having concerns this will start snagging legitimate messages). I posted on the K9 forum and got no real response, so maybe it's time to switch programs.
Ideas for flagging image spam? I don't expect spam filters to OCR an image (though it doesn't seem farfetched to detect the sharp angular patterns of text). However I think spam protection has focused too heavily on Bayesian filtering of text, and is not asking questions like "what is this image doing here?"
And no, I can't go to GMail because the domain name I have to use is that of my small business. Bucketloads of spam get into GMail anyway, from what I've seen.
By image spam, I mean where spammers send their text content as a GIF image and then put a paragraph of unrelated text, like the Gettysburg Address, in plain text, to fool Bayesian filters.
I use PocoMail and K9. K9's Bayesian filtering does not work, no matter how many hundreds of messages I train it on (and I'm having concerns this will start snagging legitimate messages). I posted on the K9 forum and got no real response, so maybe it's time to switch programs.
Ideas for flagging image spam? I don't expect spam filters to OCR an image (though it doesn't seem farfetched to detect the sharp angular patterns of text). However I think spam protection has focused too heavily on Bayesian filtering of text, and is not asking questions like "what is this image doing here?"
And no, I can't go to GMail because the domain name I have to use is that of my small business. Bucketloads of spam get into GMail anyway, from what I've seen.
Yeah, Gmail gets bucketloads, but I only see them if I log in through gmail.com. They don't make it to Outlook.
Have you tried SpamBayes? Probably won't work any better than K9, but it's worth a shot.
posted by Mr. Gunn at 12:57 PM on October 11, 2006
Have you tried SpamBayes? Probably won't work any better than K9, but it's worth a shot.
posted by Mr. Gunn at 12:57 PM on October 11, 2006
Thunderbird allows you to block images from automatically loading in an email.
posted by RoseovSharon at 1:05 PM on October 11, 2006
posted by RoseovSharon at 1:05 PM on October 11, 2006
Response by poster: Thunderbird allows you to block images from automatically loading in an email.
Pocomail does that too, but it's a moot point as the issue is not the spam content but the fact the spams are clogging my inbox.
posted by rolypolyman at 1:20 PM on October 11, 2006
Pocomail does that too, but it's a moot point as the issue is not the spam content but the fact the spams are clogging my inbox.
posted by rolypolyman at 1:20 PM on October 11, 2006
Though this doesn't really solve the problem, it should be noted that you can bounce emails from your business domain name to Gmail so you read them through the gmail interface; you can even send them from gmail through your business domain, so though you write it in gmail your recipient will get an email from rolypoly@rolyswigits.com
just a thought
posted by craven_morhead at 1:26 PM on October 11, 2006
just a thought
posted by craven_morhead at 1:26 PM on October 11, 2006
I preview the mail using Mailwasher and have set up rules in Mailwasher so that any mail from people who aren't on my 'friends' list is marked as spam and highlighted in red so it's easy to spot. In addition, Mailwasher also flags probably spam of its own accord and it's right 99% of the time.
I can preview the mail without downloading to check that it is spam, and then delete it from the server without downloading it into my email programme.
Mailwasher is probably one of the best free utilities I've ever used.
posted by essexjan at 2:27 PM on October 11, 2006
I can preview the mail without downloading to check that it is spam, and then delete it from the server without downloading it into my email programme.
Mailwasher is probably one of the best free utilities I've ever used.
posted by essexjan at 2:27 PM on October 11, 2006
spamprobe does ocr on image spam and has been doing a pretty good job for me. using it in conjuction with spamassassin catches about 95% of the spam i get (much of it image spam).
posted by christy at 2:46 PM on October 11, 2006
posted by christy at 2:46 PM on October 11, 2006
Regarding the Barracuda suggestion:
Barracuda Spam Firewall 200 $ 1399 (US)
Barracuda Spam Firewall 300 $ 1999 (US)
Barracuda Spam Firewall 400 $ 3999 (US)
Barracuda Spam Firewall 600 $ 8999 (US)
Barracuda Web Filter 210 $ 1599 (US)
Barracuda Web Filter 310 $ 2699 (US)
I'm wagering this isn't what the OP is looking for. Looks like Barracuda is not intended for personal use.
posted by zek at 2:54 PM on October 11, 2006
Barracuda Spam Firewall 200 $ 1399 (US)
Barracuda Spam Firewall 300 $ 1999 (US)
Barracuda Spam Firewall 400 $ 3999 (US)
Barracuda Spam Firewall 600 $ 8999 (US)
Barracuda Web Filter 210 $ 1599 (US)
Barracuda Web Filter 310 $ 2699 (US)
I'm wagering this isn't what the OP is looking for. Looks like Barracuda is not intended for personal use.
posted by zek at 2:54 PM on October 11, 2006
Don't know if this will help or not, but this is what I've done. My mail mail account (ie, not my Gmail) is where I get my day-to-day stuff. I've used three prefixes to my account, so:
blah@blah.isp.co.uk
blur@blah.isp.co.uk
blurgh@blah.isp.co.uk
I have a rule in my mail client (Mail on the Mac, but I'm sure that others must be able to do this) that says if the mail doesn't come to one of those three specific addresses, it goes straight into my Junk folder, which I check once a day.
That might be do-able depending on how small your small business is.
Mail's junk filtering on these image spam mails is appalling - it might as well not have filtering as I don't honestly believe that it's actually filtered one of them in the past few months even though I mark each one as spam.
posted by TheDonF at 3:08 PM on October 11, 2006
blah@blah.isp.co.uk
blur@blah.isp.co.uk
blurgh@blah.isp.co.uk
I have a rule in my mail client (Mail on the Mac, but I'm sure that others must be able to do this) that says if the mail doesn't come to one of those three specific addresses, it goes straight into my Junk folder, which I check once a day.
That might be do-able depending on how small your small business is.
Mail's junk filtering on these image spam mails is appalling - it might as well not have filtering as I don't honestly believe that it's actually filtered one of them in the past few months even though I mark each one as spam.
posted by TheDonF at 3:08 PM on October 11, 2006
I use this rule for Mac OSX Mail.app. Maybe you could make a similar filter for your software.
posted by clearlydemon at 3:18 PM on October 11, 2006
posted by clearlydemon at 3:18 PM on October 11, 2006
Do you have your own mail server or are you picking up e-mail from your ISP? Either way, do you know what mail server you are running? Would you be willing to share your e-mail address with us in an obfuscated way?
posted by dgeiser13 at 3:22 PM on October 11, 2006
posted by dgeiser13 at 3:22 PM on October 11, 2006
This is a bit of a self link (disclosure - I sit on the board), but MailChannels has a product that solves this problem by using traffic shaping (so it doesn't care about the content). If the traffic looks spammy, then that IP only gets allocated a tiny bit of bandwidth, which seems to cut down on spam by about 80% before it even hits your content filter, and specifically deals with this sort of stuff that traditional content filtering can't. They have a free trial program, so it won't cost you anything but a bit of time to find out if it will solve your problem. Alternatively, if you're looking for a totally free solution, you could check out the OpenBSD project's spamd. It's a greylisting solution that mostly doesn't suck (it has all the problem of greylisting, so you need to evaluate if that will work for you). Because it doesn't care about content, it will work for this kind of junk as well.
posted by mock at 7:10 PM on October 11, 2006
posted by mock at 7:10 PM on October 11, 2006
BTW, a little birdie told me that Gmail is actually just Sophos PureMessage rebranded...
posted by mock at 7:11 PM on October 11, 2006
posted by mock at 7:11 PM on October 11, 2006
Ok... and how does that identify image spam?
The preview is in plain text so when you preview image spam, the message says something like "only the first 21 lines of this html message can be displayed" followed by html code for the first bit of the .gif image.
If you're unsure about whether something is legit, you can hit the space bar, and the whole message will be displayed (in plain text) so you can check whether or not it's a genuine message before deleting it.
There's also (on Mailwasher Pro anyway) an option to recover deleted messages should you zap something by mistake.
posted by essexjan at 11:36 PM on October 11, 2006
The preview is in plain text so when you preview image spam, the message says something like "only the first 21 lines of this html message can be displayed" followed by html code for the first bit of the .gif image.
If you're unsure about whether something is legit, you can hit the space bar, and the whole message will be displayed (in plain text) so you can check whether or not it's a genuine message before deleting it.
There's also (on Mailwasher Pro anyway) an option to recover deleted messages should you zap something by mistake.
posted by essexjan at 11:36 PM on October 11, 2006
This thread is closed to new comments.
I'm not aware of a local filter like K9 that would do the same, thing, though.
posted by I EAT TAPAS at 12:38 PM on October 11, 2006