Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] [off-topic] OCR milter?

2006-11-02 by Oliver Fromme

manu@... wrote:
 > Oliver Fromme wrote:
 > 
 > > I think a better approach (i.e. much faster and more
 > > reliable) would be to create a public database of such
 > > images.  Spammers aren't generating new images for every
 > > single mail, so that should be feasible.
 > 
 > But it's extremely easy for the spammer to generate a new image each
 > time, with a few changing pixels. That costs nearly nothing.

In order to change even a single pixel, the spammer would
have to decompress the image, and then compress it again.
That costs quite a bit of CPU resources, so I don't think
they're doing that when sending millions of spam mails.

Someone else mentioned that the spammers are already trying
to confuse OCR, by including background patterns, color
gradients, speckle pixels etc...   Maybe that can be taken
to our advantage.  It should be possible to write a filter
that detects such anti-OCR patterns.  (Very similar to the
filters that detect anti-Regex tyyp0s 1n Subjetc 1ines...)

 > OCR is time-consuming, but it can be spread on many machines, should you
 > need it. And in order to avoid DoS, you can decide that images
 > containing GIF are second-class citizen and process them slower than
 > regular mail. It's extremely easy to do: you only have to nice the OCR
 > computing.

It might work on personal machines that receive only mail
for one person, or maybe a few users.  (Obviously that's
already the case, see SpamAssassin + gocr.)  But it won't
work on large servers that receive mail (and spam) for
hundreds or thousands of people.

So far I don't receive much spam with images.  Or maybe I
just don't notice because greylisting and other measures
drop them before I see them.  :-)   But if it became a
real problem one day, I would simply drop all mails that
contained images.  There's no reason someone has to mail
me an image.  And even _if_ someone wants do to that, he
will have to gzip it or uuencode it or whatever (spammers
cannot gzip or uuencode their images, because most people
won't see them).

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Dienstleistungen mit Schwerpunkt FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.

"Python is an experiment in how much freedom programmers need.
Too much freedom and nobody can read another's code; too little
and expressiveness is endangered."
        -- Guido van Rossum

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.