A little light relief in an 'enlargement' spam
Jason Steer from IronPort sent me over an image taken from a recent spam for an 'enlargement' product. Here's the image:
Since the text is large I thought it would be fun to run this through gocr to OCR out the text and URL. Here's the output of gocr on the image (I removed a few blanks lines for clarity here):
So, that worked out well :-) Nevertheless, the domain is listed in the SURBL:
So, if you can extract the domain name from the image it's possible to check it against the SURBL and blacklist the message. Switching over to Google's Tesseract OCR system revealed the following:
Since the text is large I thought it would be fun to run this through gocr to OCR out the text and URL. Here's the output of gocr on the image (I removed a few blanks lines for clarity here):
(PICTURE)
__%[0______
__ ___
______
_ ____
So, that worked out well :-) Nevertheless, the domain is listed in the SURBL:
$ dig relies.net.multi.surbl.org
;; QUESTION SECTION:
;relies.net.multi.surbl.org. IN A
;; ANSWER SECTION:
relies.net.multi.surbl.org. 2100 IN A 127.0.0.4
So, if you can extract the domain name from the image it's possible to check it against the SURBL and blacklist the message. Switching over to Google's Tesseract OCR system revealed the following:
(I LIT inl 3
IE\)' :
Q ii ,g @1
Lgiiiizj
i
H ; ik
s$i` wg `i?! J
Labels: anti-spam
posted by John Graham-Cumming at 11:28 AM
0 Comments:
Post a Comment
Links to this post:
Create a Link
<< Home