Spammers need images to get past word filters and to make an ad "stand out." Images can't be sent with the e-mail so src tags are used. href tags are also used for links they expect people to click on. "http://" is a unique identifier that absolutly cannot be obfuscated or it will not work. You can add a lot of junk before an @ symbol but eventually the real link must be there. Simply block that link and poof, no more spam from spammers advertising using that domain. You can block countless spammers by blocking a single 100% unique URL that no legitimate e-mail will ever contain.
The full write up [icarusindie.com] of my take on what I see as horribly flawed ways to combat spam and source code for the custom programs I use to strip links out of e-mails.
I have an example of spam posted there where everything is just a mess in the e-mail. The headers are forged, the text is all obfuscated. But there, clear as day is an "HTTP://"
Poof, killed the spam domain. And there's no way to circumvent my method except by not having links of any form in the e-mail. If you put a link in a spam, I will find it and I will block it.
You're wrong. Images can be included in the body of the message. Each one is a mime-attachment, and has an ID to which the IMG tag referrs. You can get a whole HTML-email full of images and have it completely self-contained in a single email message, without the need to contact any external server.
Spammers can't get away with e-mailing millions of messages if they're too large.
It would take 10 months or more to e-mail a message with a 20KB image 25 million times on a typical high speed connection. By referencing images off of hosts they can send the same number of messages in a week and the hosts can serve up the bandwidth required in half the time it takes to send the e-mails.
I think your math is off. Most of the spam that I get average around 5 to 7kB in size, some are a lot larger. By your calculations it would take 2.5 to 3.5 months to send each one to that many recipients. A typical spamrun does not last nearly that long.
whereas spam domains are a bit slower Actually, if you have a look at the Spamcop inprogress stats [spamcop.net] you'll notice that the spamvertised domains change pretty quickly. I use this exact type of filtering at work and I have to stay on my toes to harvest the newest domains. On the other hand, it seems to have VASTLY cut down on the amount of spam my users receive.
Your solution is actually one that already exists. It's called a "spamvertized" address.
There are many DNS-based Realtime Blackhole Lists that return a special code if the address has been advertized in spam. For an example, see this site. [dnsrbl.com]
Well, like any spam solution, this isn't good on it's own. I'm pretty sure I've sent people e-mails with the string 'http://' in them, letting them know about a website I've found. Or created.
It also seems like a Baysian filter would pick up on this by itself. Why write a spesific system to block out 'http://'.
And while images will make a spam stand out, so will getting past most spam filters. Thats why a lot of the spam I've been getting dosn't even register on the Baysian filter I use, and apear
My simple solution to spam (Score:5, Informative)
The full write up [icarusindie.com] of my take on what I see as horribly flawed ways to combat spam and source code for the custom programs I use to strip links out of e-mails.
I have an example of spam posted there where everything is just a mess in the e-mail. The headers are forged, the text is all obfuscated. But there, clear as day is an "HTTP://"
Poof, killed the spam domain. And there's no way to circumvent my method except by not having links of any form in the e-mail. If you put a link in a spam, I will find it and I will block it.
Ben
Re:My simple solution to spam (Score:2)
Not without killing your bandwidth (Score:2)
It would take 10 months or more to e-mail a message with a 20KB image 25 million times on a typical high speed connection. By referencing images off of hosts they can send the same number of messages in a week and the hosts can serve up the bandwidth required in half the time it takes to send the e-mails.
Ben
Re:Not without killing your bandwidth (Score:2)
Not entirely true... (Score:2)
Actually, if you have a look at the Spamcop inprogress stats [spamcop.net] you'll notice that the spamvertised domains change pretty quickly. I use this exact type of filtering at work and I have to stay on my toes to harvest the newest domains. On the other hand, it seems to have VASTLY cut down on the amount of spam my users receive.
Re:My simple solution to spam (Score:2)
Your solution is actually one that already exists. It's called a "spamvertized" address.
There are many DNS-based Realtime Blackhole Lists that return a special code if the address has been advertized in spam. For an example, see this site. [dnsrbl.com]
false positives out the ass (Score:2)
It also seems like a Baysian filter would pick up on this by itself. Why write a spesific system to block out 'http://'.
And while images will make a spam stand out, so will getting past most spam filters. Thats why a lot of the spam I've been getting dosn't even register on the Baysian filter I use, and apear
Read the article (Score:2)
It searches for "http://" to gather links.
Which domains end up actually being filtered out is handled manually.
How often do you send friends links to domains dedicated to spam?
And baysian filtering picks up all the words. It's sloppy, inefficient and error prone.
Ben