Uh-oh: Spam's getting more sophisticated

Just as security experts match wits with hackers, those trying to block unwanted e-mail face increasingly elaborate "attacks" from spammers trying to slip messages through antispam defenses.

"These guys' technical ability should be respected," John Graham-Cumming, author of open-source spam filtering software POPFile, told a conference at MIT in the US Friday.

Graham-Cumming outlined several ways spam authors try to evade blocking software, ranging from the simple to the sophisticated. Some messages just alter words to foil basic efforts to spot red-flag words; for example, most recipients know what "Vi*gra," V1agra" or "V i a g r a" mean, but basic word-blocking software might not. Other efforts involving HTML-coded messages instead of plain text are far more clever.

"The most dastardly thing I've seen so far," Graham-Cumming said, involved words that were printed vertically within the raw HTML text,







. The HTML message then used tables to reassemble the words and display them horizontally again. The result: Antispam filters didn't understand that the words in vertical format were spam, and let the message through; but the HTML displayed normally to recipients. "This is ingenious," he said. The lesson for those writing antispam software: Filters need to understand how HTML is displayed to the end user, not merely look at the raw text.

Other filter-evading techniques include:

- Using a two-part Multipurpose Internet Mail Extensions (MIME) encoded message, with the plain-text portion looking like legitimate mail, which the filter reads and lets through, but the HTML portion shown to the recipient containing that message about making millions working at home or enlarging various parts of one's anatomy. Lesson: Filters should check whether text and HTML portions of two-part MIME messages are the same.

- Employing "invisible ink" within an HTML message -- white text on a white background, for example, containing words that look like a legitimate message but the user doesn't see; then there's just a short spam message actually visible to the user. Lesson: If the user can't see it, neither should a spam filter.

- Sending an HTML message with no words for a filter to check, just an image with the spam's message. Lesson: Filters need to look at more than text.

- Sending an HTML message with no spam contained initially; the spam is included in JavaScript code that changes the e-mail content after it's loaded. Lesson: Filters should either decode JavaScript or, as one audience member suggested, block it.

Friday's conference was aimed at bringing spam-fighters together to talk about research, products and organized efforts such as the SpamArchive, which aims to collect a large database of spam messages that researchers and developers of spam-blocking tools can use to test various antispam approaches.

John Draper at ShopIP got some chuckles when he shared his "cool things you can do" to spammers, such as flood their return mail or set up numerous inactive "honey pot" e-mail addresses to "poison" their mailing lists.

Often spammers don't contain legitimate return addresses, but Draper said he went to one spammer's site, found a product order form, duplicated it on his own system and then set it up to send about a thousand messages back to the spammer.

The apparently irony-challenged spammer contacted Draper promptly to complain. Draper responded that he would stop if his e-mail was removed from the spam list. It was taken off the next day.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Sharon Machlis

Sharon Machlis

Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?