#170563 - 2006-11-21 10:54 PM Image spam - how are you dealing with it?
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
As I'm sure many have experienced lately, spam containing images (remote images and embedded or attached ones) is becoming more and more common. These are also often filled with randomized text to poison any Bayesian filters.

How are you dealing with this?

Our company is using GFI MailEssentials, which up until this became common was a quite good product. GFI hasn't been very responsive at all lately though, and has just the last few days responded to this "new" threat with a patch that handles remote images.

There's talk about OCR engines to recognize both text and "scanner watermarks", but are there any good products out there? DNS blacklists can only do so much.


Edited by masken (2006-11-21 10:59 PM)
_________________________
The tart is out there

#170564 - 2006-11-21 11:31 PM Re: Image spam - how are you dealing with it?
StarwarsKid Offline
Seasoned Scripter
*****

Registered: 2005-06-15
Posts: 506
Loc: Oregon, USA
Masken,

I've been on the GFI board asking questions about OCR. Looks like that's not going to be a very good option for ME for the time being. I was able to dramatically change the amount of image spam that enters my network though. Here's what I did:

- Upgraded to ME12
- Enabled Directory Harvesting
- Enabled more DNS blacklists (i.e. relays.ordb.org, list.dsbl.org, dnsbl.njabl.org, sbl-xbl.spamhaus.org, bl.spamcop.net)
- Performed a regedit, increase image/text count (GFI Regedit Link)
- Reordered my rules to the following:
  1. Custom Blacklist
  2. Email / Domain Whitelist
  3. IP Whitelist
  4. Keyword Whitelist
  5. DNS Blacklist
  6. Spam URI Realtime Blocklist
  7. Keyword Checking
  8. Directory Harvesting
  9. Header Checking
  10. Bayesian Analysis
  11. Sender Policy Framework
  12. Phishing URL Blacklist

And then finally I edited my whitelist and took out some *@cisco.com references (where an entire domain name would be whitelisted.)

I used to have approx 3000+ emails in my quarantine mailbox per day but now I only have about 500.

My organization receives 17000+ emails a day, 95% is spam.
_________________________
let the wise listen and add to their learning,
and let the discerning get guidance- Proverbs 1:5

#170565 - 2006-11-21 11:38 PM Re: Image spam - how are you dealing with it?
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
hmm.. okay, interesting. I've got most of your configuration covered already. I've prioritized the SPF-module more though, since that one seems to work well for me.

I've just installed the new patch in this thread. Let's see if this one helps with the remote images.

How many chars have you set as minimum in the remote image reghack?

Also note that the new patch above ignores this registry value and works with another technique.

#170566 - 2006-11-21 11:44 PM Re: Image spam - how are you dealing with it?
StarwarsKid Offline
Seasoned Scripter
*****

Registered: 2005-06-15
Posts: 506
Loc: Oregon, USA
I set my reg key to 640 hex (1600 characters). I also learned the hard way that directory harvesting only works when I point it at my Global Catalog. The default is a DC's LDAP port, which takes 5-7 seconds per message. This was killing my SMTP gateway. The GC port takes a few milliseconds per message, much better.

I haven't installed the patch yet. Let me know how that works for you.
_________________________
let the wise listen and add to their learning,
and let the discerning get guidance- Proverbs 1:5

#170567 - 2006-11-22 12:43 AM Re: Image spam - how are you dealing with it?
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
We use this Appliance.

I would say it catches 95% of everything including image based spam.

#170568 - 2006-11-22 12:49 AM Re: Image spam - how are you dealing with it?
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
And what was the cost of such system in total after all the other sales junk sold with it. i.e. subscriptions, software, etc...
 
How many units per mailbox required?
 

#170569 - 2006-11-22 01:11 AM Re: Image spam - how are you dealing with it?
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
I don't know what we paid for it (less than 20K), but the yearly service is 1700, and it does not care about the # of users, just have to make sure that you size it correctly.
#170570 - 2006-11-22 01:16 AM Re: Image spam - how are you dealing with it?
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
Sizing is sort of what I meant by users/mailboxes. Disney managed about 1TB of data a month a few years ago, not sure how much they handle nowadays. It all funnels into a dedicated mail hub before being sent to the Exchange Servers.
 
Here where I'm at now though I can see the cost is too prohibitive for them to even consider. Don't like the SPAM, hit the DEL key
 

 

#170571 - 2006-11-22 01:20 AM Re: Image spam - how are you dealing with it?
Gargoyle Offline
MM club member
*****

Registered: 2004-03-09
Posts: 1597
Loc: Valley of the Sun (Arizona, US...
I have worked in places like that, currently we are averaging around 1 million inbound per month I believe (I do not work with the mail system other than connectivity and firewall rules).
#170572 - 2006-11-22 01:34 AM Re: Image spam - how are you dealing with it?
StarwarsKid Offline
Seasoned Scripter
*****

Registered: 2005-06-15
Posts: 506
Loc: Oregon, USA
We have approx 250 users. GFI MailEssentials and MailSecurity is what I use. The software was approx. $4000. Yearly maint is approx $700. I have it on a Proliant DL360G4p with dual-dualcore and 2GB ram. It's running very well. We have approx 600,000 messages per month.

.. To give an idea of sizing and cost.

#170573 - 2006-11-22 03:34 AM Re: Image spam - how are you dealing with it?
Allen Administrator Online   shocked
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4563
Loc: USA
Quote:

My organization receives 17000+ emails a day, 95% is spam

That is absolutely sickening.

#170574 - 2006-11-22 06:01 PM Re: Image spam - how are you dealing with it?
StarwarsKid Offline
Seasoned Scripter
*****

Registered: 2005-06-15
Posts: 506
Loc: Oregon, USA
I'm not sure why we are getting so much. We're a govt. agency. I don't know if that plays into it or not.
_________________________
let the wise listen and add to their learning,
and let the discerning get guidance- Proverbs 1:5

#170575 - 2006-11-22 06:09 PM Re: Image spam - how are you dealing with it?
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
10 Men Contribute to 80% of Spam
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#170576 - 2006-11-22 08:00 PM Re: Image spam - how are you dealing with it?
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
note on les' link...
read on further enough or read the original article:
http://www.spamhaus.org/statistics/spammers.lasso

it ain't 10 men but 200.

#170577 - 2006-11-22 10:59 PM Re: Image spam - how are you dealing with it?
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
well one thing's for sure. I'm looking for alternatives here. GFI has been a good product up until now. The situation here is that almost all spam-checking modules have stopped working and their support REALLY sucks. It also seems like some lead developer has quit or something, cause nothing's happening with development. Check out the forums, it's full of frustrated customers and partners.

Gonna try a re-install tomorrow. If it doesn't become better, I'm switching to something else.

@doc, don't you even have the included IMF enabled? That takes care of a lot of the usual spam and can actually be enough in many cases. There's also some free alternatives that can be interesting.


Edited by masken (2006-11-22 11:02 PM)

#170578 - 2006-11-23 12:24 AM Re: Image spam - how are you dealing with it?
StarwarsKid Offline
Seasoned Scripter
*****

Registered: 2005-06-15
Posts: 506
Loc: Oregon, USA
I'm looking into greylisting with a Vamsoft.com product. I haven't installed it yet, but will test it on my smtp gateway soon.
_________________________
let the wise listen and add to their learning,
and let the discerning get guidance- Proverbs 1:5

#170579 - 2006-11-23 03:00 AM Re: Image spam - how are you dealing with it?
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11629
Loc: CA
@masken

We don't handle the SMTP actually. Our ISP holds those mailboxes and they use SPAM ASSASSIN I think. So it's not terrible. The image stuff you talk about is already under control by them.
 

#170580 - 2006-11-23 02:47 PM Re: Image spam - how are you dealing with it?
Jack Lothian Offline
MM club member
*****

Registered: 1999-10-22
Posts: 1169
Loc: Ottawa,Ontario, Canada
Just an aside about OCR: over the past 25 years I have worked on various projects that touched on OCR & somehow its limitations always make it a no-go. Every few years there are claims of big advancements in OCR but in real high volume production environments it is not yet a solution. The few times that I have seen OCR used, it was due to cost reasons & the results are inevitably a disaster.
_________________________
Jack

#170581 - 2006-11-23 03:03 PM Re: Image spam - how are you dealing with it?
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Forget about OCR. The spammers are salting the images with "dirt" and resorting to wonky fonts.
#170582 - 2006-11-23 03:46 PM Re: Image spam - how are you dealing with it?
masken Offline
MM club member
*****

Registered: 2000-11-27
Posts: 1222
Loc: Gothenburg, Sweden
@doc, oh hehe... I thought everyone just had to "live with it". and in the US, spam is often over 80% of the total mail flow. That would be like saying to ppl "don't read your e-mail" hehe

@StarwarsKid, have you checked out GRYNX? It's a free greylisting tool for Exchange

http://www.grynx.com/projects/greylist/

Haven't tried it myself though.

@Jack & Les
OCR wouldn't primarily be used to interpret the image-text itself. It would be used to make "footprints" of the image which then could be used in a bayesian analysis for example. It could actually be very useful.


Edited by masken (2006-11-23 03:50 PM)
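
The image "footprint" idea from this post, set against the salted images mentioned earlier in the thread, as an added example that is not part of the thread or of any product named in it. It swaps OCR for a simple average hash over constructed 32x32 greyscale grids; the function names, the noise model and the token format are all assumptions.

```python
import hashlib
import random

CELL = 4  # one footprint bit per CELL x CELL block of pixels

def layout(dark_if):
    """Constructed 32x32 greyscale grid: dark (20) or light (230) cells."""
    return [[20 if dark_if(y // CELL, x // CELL) else 230 for x in range(32)]
            for y in range(32)]

def salt(img, seed):
    """Constructed 'dirt': shift every pixel by 25 or 40 grey levels."""
    rng = random.Random(seed)
    return [[min(255, max(0, p + rng.choice((-40, -25, 25, 40)))) for p in row]
            for row in img]

def exact_hash(img):
    """Byte-exact digest, the kind of signature that salting defeats."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def footprint(img):
    """64-bit average hash: bit set when a cell is brighter than the mean."""
    n = len(img) // CELL
    cells = [sum(img[y][x] for y in range(r * CELL, (r + 1) * CELL)
                 for x in range(c * CELL, (c + 1) * CELL)) / CELL ** 2
             for r in range(n) for c in range(n)]
    mean = sum(cells) / len(cells)
    bits = 0
    for v in cells:
        bits = (bits << 1) | (v > mean)
    return bits

def hamming(a, b):
    return bin(a ^ b).count("1")

def tokens(img):
    """Footprint split into per-row tokens (hypothetical format) for a Bayesian filter."""
    fp = footprint(img)
    return [f"imgfp{r}:{(fp >> (8 * (7 - r))) & 0xFF:02x}" for r in range(8)]

if __name__ == "__main__":
    spam = layout(lambda r, c: r % 2 == 0)    # text-like horizontal bands
    other = layout(lambda r, c: c % 2 == 0)   # unrelated layout
    resent = salt(spam, seed=1)
    print(exact_hash(spam) == exact_hash(resent))
    print(hamming(footprint(spam), footprint(resent)))
    print(hamming(footprint(spam), footprint(other)))
    print(tokens(resent)[:2])
```

The noise here is bounded per-pixel speckle on a fixed layout; it does not model resized, cropped or re-rendered images, and it says nothing about OCR accuracy.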
