Tuesday, June 05, 2007

A little light relief in an 'enlargement' spam

Jason Steer from IronPort sent me over an image taken from a recent spam for an 'enlargement' product. Here's the image:

Since the text is large I thought it would be fun to run this through gocr to OCR out the text and URL. Here's the output of gocr on the image (I removed a few blanks lines for clarity here):

__ ___

_ ____

So, that worked out well :-) Nevertheless, the domain is listed in the SURBL:

$ dig relies.net.multi.surbl.org
;relies.net.multi.surbl.org. IN A

relies.net.multi.surbl.org. 2100 IN A

So, if you can extract the domain name from the image it's possible to check it against the SURBL and blacklist the message. Switching over to Google's Tesseract OCR system revealed the following:

(I LIT inl 3
IE\)' :
Q ii ,g @1

H ; ik
s$i` wg `i?! J

No comments: