Re: [anti-spam-wg] Imaged spam


At 06:54p +0100 06/21/2006, Michele Neylon :: Blacknight.ie didst inscribe upon an electronic papyrus:

peter h wrote:
 > Throwing away html-formatted e-mail is a good way to deal with this type
 of abuse.

That sounds like complete overkill. There are ways of blocking the image
spam, but simply blocking all HTML email isn't the sanest...

I do both, because I like to know what exactly it was about the HTML message that made it get blocked.

And don't forget, I think it was a given that you would whitelist the few senders from whom you do allow it (like one's mother, or those who are still using AOL 7.0 or whichever version was broken; i'm too lazy to check expita).

My rules go something like this (vastly simplified for brevity):

if whitelisted sender, let it through
if multipart, trash it (recoverable)
if image spam, delete it
if obfuscated html, delete it
if html, delete it

My filter logs its actions, so I regularly check and see if something was deleted that I need resent (and whitelisted to allow through, duh).

It works for me.


At 09:59a +0100 06/22/2006, Michele Neylon :: Blacknight Solutions didst inscribe upon an electronic papyrus:

Gert Doering <
> said on 22 June 2006 09:57: > Blocking all HTML email sounds like a very good plan to get rid of > current and future crap e-mail. Only if you live in a little cave ..... In the real world HTML email is used by a very large number of businesses, so if you can afford to cutoff your livelihood go ahead. I don't mind :)

I think the point is that most HTML mail is spam, and most spam is HTML (well, it was, but seems to be going back more to text specifically to get around our attempts to block it by blocking HTML, heh), so by blocking HTML you block a large amount of spam. Also, HTML is "unsolicited" bulk inside the email, so that's a kind of UBE in and of itself. Waste of bandwidth (time) and disk space, and adds nothing of value. If I want a Web page, there's this thing called the World Wide Web where they were designed for; it was never designed for email, and was only put there out of sheer laziness.


At 10:05a +0100 06/22/2006, Michele Neylon :: Blacknight Solutions didst inscribe upon an electronic papyrus:

Gert Doering <
> said on 22 June 2006 10:03: > Well, YMMV, but I just *cannot*read* HTML mail anyway - as I'm using
 a text mode e-mail client.

That's your choice

 > Surprisingly enough, communication with our customers works very well.

Lucky you

 > The only things that come in as HTML-*only* are SPAM, Advertising,
 and Viruses.

Not my experience.

Thus the "YMMV" phrase above. That's why configurability is good. :-D

-Walter