[THIN] Re: OT: spam gifs
- From: "Euan Cooper" <euan.cooper@xxxxxxxxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 26 Apr 2006 09:36:07 +1200
The giff (or other image) is inbedded within the e-mail (as displayed to the
user) with html code. If a recipeint clicks anyware on the image it usually
trys to open a url (sometimes it uses a Mail to: link instead). While no
system can catch EVERY spam we are finding the software we are using IS
catching better than 95% of spam with VERY few false positives. In our case
simply stripping the image from inbound messages is NOT an option - firstly
because we do receive a significant number image files as part of the work we
do and secondly our staff would moan like heck if they still got hundreds of
"blank" spam mail. BTW - what happens if a user clicks on the "white space"
of one of the messages you have stripped the giff out of - does it still try yo
open the url?
-Ec
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of
Matthew Shrewsbury
Sent: 26 April 2006 8:47 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: spam gifs
If the gif image is opening from a url then your said system works fine. We are
talking when gif image is embedded in the email. Although lists do work well
spammers use throw away domains that last in some cases as little as 24 hours
and the lists can't keep up with that.
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Network Manager
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Euan Cooper
Sent: Tuesday, April 25, 2006 4:35 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: spam gifs
Our anti spam filter catches most of these type off spam - they all use html to
display the giff (or tiff of jpg) and an <a href> to point ot a web site - by
comparing the url with lists of known SPAM urls we get a very high "hit rate"
on this type of spam. The vendor maintains the list of known spam urls, so as
new ones are found our system detects them.
In our case we could not simpy block image files as we have legitimate business
needs to allow images in e-mails
-Ec
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On Behalf Of
Matthew Shrewsbury
Sent: 25 April 2006 4:26 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: OT: spam gifs
I banned *.gif files last year and have not regretted it. I use a open relay
filter that just removes the *.gif files from the email.
Matthew Shrewsbury, MCSE+Internet MCSE 2000 CCA Server+
Network Manager
-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of
Roger Riggins
Sent: Monday, April 24, 2006 11:53 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] OT: spam gifs
We've recently started receiving some spam that is simply a .gif that contains
the text so the spam filters aren't able to check content. It appears that the
only way to block this is to ban messages that contain .gifs. Is it going to
eventually come to that? Are any of you running into the same dilemma?
Thanks,
Roger Riggins
Network Administrator
Lutheran Services in Iowa
w: 319.859.3543
c: 319.290.5687
http://www.lsiowa.org
Lutheran Services in Iowa Confidentiality Notice
==================================================================
The information contained in this communication may be confidential,
is intended only for the use of the recipient(s) named above, and
may be legally privileged. If the reader of this message is not the
intended recipient, you are hereby notified that any dissemination,
distribution, or copying of this communication, or any of its
contents, is strictly prohibited. If you have received this
communication in error, please return it to the sender immediately
and delete the original message and any copy of it from your computer
system. If you have any questions concerning this message, please
contact the sender.
Other related posts: