You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by "Casartello, Thomas" <tc...@wsc.ma.edu> on 2009/09/01 02:04:40 UTC
HTML Image Spam
Any good way of blocking HTML images? I have Fuzzy Ocr, and when I copy this
message and send the picture directly in the message, Fuzzy OCR picks it up.
What they're doing is using an <img src> tag to show the picture with the
Viagra/cialis pills which is on a remote website instead of attaching or
putting the image directly in the message.
Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State College
(413) 572-8245
Red Hat Certified Technician (RHCT)
RE: HTML Image Spam
Posted by "Casartello, Thomas" <tc...@wsc.ma.edu>.
It's all at t35.com
valrietaolheqs.t35.com that's where they want you to go.
The picture is stored on:
alfredlolzs.t35.com
Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State College
Red Hat Certified Technician (RHCT)
-----Original Message-----
From: John Hardin [mailto:jhardin@impsec.org]
Sent: Monday, August 31, 2009 8:43 PM
To: users@spamassassin.apache.org
Subject: Re: HTML Image Spam
On Mon, 31 Aug 2009, Casartello, Thomas wrote:
> What they're doing is using an <img src> tag to show the picture with
> the Viagra/cialis pills which is on a remote website instead of
> attaching or putting the image directly in the message.
What's the hostname in the img src URI? Does it hit any URIBL?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
No representation without taxation!
-----------------------------------------------------------------------
51 days since a sunspot last seen - EPA blames CO2 emissions
Re: HTML Image Spam
Posted by John Hardin <jh...@impsec.org>.
On Mon, 31 Aug 2009, Casartello, Thomas wrote:
> What they're doing is using an <img src> tag to show the picture with
> the Viagra/cialis pills which is on a remote website instead of
> attaching or putting the image directly in the message.
What's the hostname in the img src URI? Does it hit any URIBL?
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
No representation without taxation!
-----------------------------------------------------------------------
51 days since a sunspot last seen - EPA blames CO2 emissions
Re: HTML Image Spam
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Tue, 2009-09-01 at 02:52 +0200, Karsten Bräckelmann wrote:
> On Mon, 2009-08-31 at 18:26 -0600, LuKreme wrote:
> > Short of that, he WILL get spam. SA is good, it's not that good.
> > Nothing is.
>
> True. As long as we're after the bad boys. Same with the police. They
> can resolve a crime, they can't always prevent it.
Or, maybe -- let me put it this way. By reviewing spam, I've probably
come across more expressions for "penis" in English, than I ever will
know in German, my mother tongue.
If you try hard enough to circumvent a filter, you ultimately /can/
succeed -- temporarily.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: HTML Image Spam
Posted by Karsten Bräckelmann <gu...@rudersport.de>.
On Mon, 2009-08-31 at 18:26 -0600, LuKreme wrote:
> On 31-Aug-2009, at 18:19, Casartello, Thomas wrote:
> > The guy who got the message is making a big stink about the fact that he got
^^^^^^^^^^^
> > the message. I figured there's really not that much that can be done.
^^^^^^^^^^^
Is that really singular!? So he got a single spam slip through? If he's
making a really big fuzz out of that, tell him to get a life.
> If he wants to get absolutely no spam that is very very easy.
> Disconnect the Ethernet cord.
>
> Short of that, he WILL get spam. SA is good, it's not that good.
> Nothing is.
True. As long as we're after the bad boys. Same with the police. They
can resolve a crime, they can't always prevent it.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
Re: HTML Image Spam
Posted by Dan Schaefer <da...@performanceadmin.com>.
Casartello, Thomas wrote:
> Well said :)
>
> Thomas E. Casartello, Jr.
> Staff Assistant - Wireless/Linux Administrator
> Information Technology
> Wilson 105A
> Westfield State College
>
> Red Hat Certified Technician (RHCT)
>
>
> -----Original Message-----
> From: LuKreme [mailto:kremels@kreme.com]
> Sent: Monday, August 31, 2009 8:27 PM
> To: users@spamassassin.apache.org
> Subject: Re: HTML Image Spam
>
> On 31-Aug-2009, at 18:19, Casartello, Thomas wrote:
>
>> Well my client doesn't load images, and I already check against the
>> zen rbl.
>> The guy who got the message is making a big stink about the fact
>> that he got
>> the message. I figured there's really not that much that can be done.
>>
>
> If he wants to get absolutely no spam that is very very easy.
> Disconnect the Ethernet cord.
>
> Short of that, he WILL get spam. SA is good, it's not that good.
> Nothing is.
>
>
Or...you could turn off spam filtering for this user to show him just
how much spam he's NOT getting.
--
Dan Schaefer
Web Developer/Systems Analyst
Performance Administration Corp.
RE: HTML Image Spam
Posted by "Casartello, Thomas" <tc...@wsc.ma.edu>.
Well said :)
Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State College
Red Hat Certified Technician (RHCT)
-----Original Message-----
From: LuKreme [mailto:kremels@kreme.com]
Sent: Monday, August 31, 2009 8:27 PM
To: users@spamassassin.apache.org
Subject: Re: HTML Image Spam
On 31-Aug-2009, at 18:19, Casartello, Thomas wrote:
> Well my client doesn't load images, and I already check against the
> zen rbl.
> The guy who got the message is making a big stink about the fact
> that he got
> the message. I figured there's really not that much that can be done.
If he wants to get absolutely no spam that is very very easy.
Disconnect the Ethernet cord.
Short of that, he WILL get spam. SA is good, it's not that good.
Nothing is.
--
I'll trade you 223 Wesley Crushers for your Captain Picard
Re: HTML Image Spam
Posted by LuKreme <kr...@kreme.com>.
On 31-Aug-2009, at 18:19, Casartello, Thomas wrote:
> Well my client doesn't load images, and I already check against the
> zen rbl.
> The guy who got the message is making a big stink about the fact
> that he got
> the message. I figured there's really not that much that can be done.
If he wants to get absolutely no spam that is very very easy.
Disconnect the Ethernet cord.
Short of that, he WILL get spam. SA is good, it's not that good.
Nothing is.
--
I'll trade you 223 Wesley Crushers for your Captain Picard
RE: HTML Image Spam
Posted by "Casartello, Thomas" <tc...@wsc.ma.edu>.
Well my client doesn't load images, and I already check against the zen rbl.
The guy who got the message is making a big stink about the fact that he got
the message. I figured there's really not that much that can be done.
Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State College
Red Hat Certified Technician (RHCT)
-----Original Message-----
From: LuKreme [mailto:kremels@kreme.com]
Sent: Monday, August 31, 2009 8:17 PM
To: users@spamassassin.apache.org
Subject: Re: HTML Image Spam
On 31-Aug-2009, at 18:04, Casartello, Thomas wrote:
> What they're doing is using an <img src> tag to show the picture
> with the
> Viagra/cialis pills which is on a remote website instead of
> attaching or
> putting the image directly in the message.
Run a mail client that doesn't load images from remote servers?
Check incoming mail against the zen rbl.
Both of these will help.
--
You think you can catch Keyser Soze? You think a guy like that
comes this close to getting caught, and sticks his head out? If
he comes up for anything it'll be to get rid of me. After that
my guess is you'll never hear from him again.
Re: HTML Image Spam
Posted by LuKreme <kr...@kreme.com>.
On 31-Aug-2009, at 18:04, Casartello, Thomas wrote:
> What they're doing is using an <img src> tag to show the picture
> with the
> Viagra/cialis pills which is on a remote website instead of
> attaching or
> putting the image directly in the message.
Run a mail client that doesn't load images from remote servers?
Check incoming mail against the zen rbl.
Both of these will help.
--
You think you can catch Keyser Soze? You think a guy like that
comes this close to getting caught, and sticks his head out? If
he comes up for anything it'll be to get rid of me. After that
my guess is you'll never hear from him again.