You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by cr...@animalhead.com on 2007/02/28 00:50:56 UTC

Retry of inquiry about single-GIF leaks

Yesterday I wrote to express surprise that our SA tends to leak
spam into our Inbox that contains one GIF image, and that none
of the built-in tests involving images triggers on such emails.

Looking more at such spam, it looks like they avoid the built-in
tests by the following means:

1. They provide enough (visible but meaningless) text to exceed
     HTML_IMAGE_ONLY_32 and __HTML_LENGTH_1536_2048.

2. The text has enough relative area to exceed
     HTML_IMAGE_RATIO_08.

3. The text size is large enough to exceed the small font size tests.

For myself, I would be happy to have one or more new tests that
detect something like "one GIF image, the length or area of
which exceeds a gadget like a signature, button, or icon".  By
scoring such a thing with maybe 2 points, I could consign this
last major category of spam leaks to the Junk folder.

Have such test(s) been written, and if so can I get them, and
if so, how?

If not, can anyone suggest resources that might help me write
my own test(s)?  Particularly of interest are routines that
measure the source length or decoded area of an image.

Thanks,
Craig MacKenna
www.animalhead.com

P.S.: those of you interested in DNSBLs might like
http://www.animalhead.com/false_pos.html