Loads of pump&dump spam

by Volker Weber

A week ago I started receiving loads of pump&dump spam. An all-html message with a large gif file which contains the payload. Do you have any suggestions how to tweak SpamAssassin to trap these mails?


I have been receiving these types of spam for a couple of months. I heard about one solution where the SA admin installed an OCR reader and OCR'd all images to determine if they were spam.

The spammers had already thought about that: Some of the GIFs are actually animated GIF's - each frame showing just a part of the spam message.

I guess there is no easy solution for the time being

Jens-Christian Fischer, 2006-10-27

Same here. It's been bad enough we are looking beyond SA to other solutions. Good luck, I hope enough people read that we get more helpful responses.

Also, what do you consider 'loads'? Lots of spam is relative to what you were getting yesterday; I'd suggest 2-5/day as a safe range after filtering, what do others see? We started getting more complaints once people started tripping into 5-10, which I'd agree is annoying enough to look into better controls. After calculating the productivity loss of even 10 seconds times employees and estimated spam, it adds up quick!


Rich Thomsen, 2006-10-27

Hrm ... i'm doing it the obvious (for me) way: increased points for HTML_MESSAGE over 50.
HTML is evil ...

In the beginning was the word and the word was
content-type: plain/text

Olaf Baumert, 2006-10-27

Hi Volker,

maybe this one helps:

# ImageInfo - designed to catch image spam
loadplugin Mail::SpamAssassin::Plugin::ImageInfo

ImageInfo announced
HowTo (search for ImageInfo)

Florian Steinel, 2006-10-28

I am using DSPAM and after some training of the filter I have no more problems with SPAM like this. My SPAM ratio is 58% and DSPAM catches more than 99% of them. Also these with images!


Detlev Schümann, 2006-10-28

Here's one possible solution - block China.

Chris Linfoot, 2006-10-31

