[milters] Archive

Lists Index Date Thread Search

Article: 1351
From: Taylor, Grant
Date: 2006-12-05 15:00:52 -0500
Subject: Re: new milter idea: milter-random-named-file

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support

Michael Elliott wrote:
> Hello Anthony.  I have a request for a new milter to put on your 
> "whenever I get to it" pile.  Just let me know if that would January
> or September.  ;-)  It is intended to go after the pump-and-dump 
> stock scams.  That is the only real class of problem email I am having
> today at the ISP level.  This will allow the first few messages through
> as it auto learns.  Then it will block the rest of the garbage.


> This idea should work to kill a lot of what is floating around today, and
> will be defeated when the enemy starts using image creation tools to 
> modify the outgoing image for every message.  Today, while it is possible,
> they are not spending that much cpu power to generate their message.
> They are randomizing text sections currently, but not the image files other
> than filename.  I admit this will only give us 6 months of use in the 
> arms war, but it would be an effective weapon.  It will also pick off the 
> occasional virus is you leave the attachment types a little more open.

I think this is a very good and creative out side of the box thinking type 
of idea.  However, I feel like there is a lot of room for error.  You did 
touch on some of the room for error with Grandma sending / receiving lots of 
pictures of grand kids.  I still think there is a lot of room for error / 
mis-interpretation of things.  Rather than out right rejecting messages, I'd 
add a header that included the number of times an image matched and then use 
something like SpamAssassin to look for this to alter the spam score for a 
given message and reject using something like milter-spamc.

Just my $0.02 worth.

Grant. . . .

Lists Index Date Thread Search