daveh551 said:
Thanks for the reply, Vanguard. I've taken a couple days to try out
what you said. I downloaded and installed SpamPal, and turned on
the
Bayes, HtmlBody and HtmlModify plugins, but this particular spam
still
gets through without being detected. I've gone through about a
week's
worth of saved spam, and each of them comes from a different IP
address. I've added those to SpamPal's blacklist, but since every
new
one appears to be different, I doubt that will help any. I COULD
turn
on HtmlModify to reject anything with an IMG, but that would be
severe
overkill, since lots of the mailing lists I'm on have images in
them.
I already don't like that HtmlModify is taking out a lot of the
images
that it finds as possible webbugs.
Any other ideas?
BTW, my email host (
www.readyhosting.com) already runs a Bayes
filter
and blacklist on the incoming mail (it looks like SpamAssassin), but
these are still passing. SpamPal is probably redundant of that
effort.
Reading into an image isn't possible because just one pixel difference
means it is a different image. You'll have to decide whether you
willy nilly go reading every e-mail just because it has an image.
Every e-mail client that I use has an option to disable images unless
*I* choose to see the image. You don't need HTML-Modify removing the
images but you will probably want it scoring the mails based on image
counts (unless, of course, you like getting highly spammy mails with
all the glitter of images that provide little content). Have your
e-mail client disable images until you want to read them. With
HTML-Modify, all of those *linked* image are still available, and all
of the embedded images will always be there unless YOU configure
HTML-Modify to block all images, even embedded ones. HTML-Modify, by
default, blocks the linked images (i.e., the spammy crap that
obviously wasn't important enough by the sender for the sender to
actually include them in the e-mail and instead provided a link to
them). I'm on newsletters, too, but the linked images are common
images so they aren't specific the e-mail that *I* receive. Plus, you
can always looks at the URL that HTML-Modify changed (in the <IMG> tag
that got renamed to <XMG>) and go browse to it if you thought it was
that important. You might also want to disable the Preview pane and
enable AutoPreview mode, like in Outlook, that shows the first few
lines of each mail as text-only so you can get an idea of what is in
the mail. Of course, if you don't know from who the message
originates then you probably don't want it and the extra text-only
lines will help in deciding what is good or not.
If the mails are truly originating from different IP addresses then
you are some spammer's mail list who has an army of zombied hosts from
which to spew their crap. That is, they are running trojan mailer
daemons on idiot user's hosts. You could use the MXBlocking plug-in
to tag any mails that originate from dynamically addressed hosts, like
those that get their IP addresses from a DHCP server (dial-up users,
cable and DSL users). As mentioned, you could use the RegEx plug-in.
Most of the image-ridden spam that I've received hid their content in
a GIF file, but no one that I know or do business with puts images in
GIF files. If I was to get bombarded by GIF images in spam mails, I'd
define a filter in RegEx to look for the MIME header with a filetype
of .gif and tag that mail. I don't get those anymore so you would
have to look at the data in the mail to see what the MIME header looks
like. Unfortunately, Outlook fucks over the raw data of e-mails to
convert to its proprietary format stored in its PST file, so you might
want to use Outlook Express or some other e-mail program to see the
raw mail source.
