Spam Filter Busters

Trackback or

Spam has been around for nearly thirty years so you would think that we would have this problem solved. Yet, it is estimated that 55 billion spam are generated daily. Obviously, we still have a long and hard battle on our hands.

There are several techniques that spammers use to bypass your spam filter and the purpose of this article is to show you how they do it. I will show you how a spammer will attempt to get a spam past your e-mail filters to sell you my fictional product - the FooFoo Valve.

Leet

Leet is probably one of the first ways that spammers used to try and bypass filters. When a spammer uses leet, they typically will replace letters with numbers or symbols. For example, my FooFoo Valve could be written Ph00f00 valv3 and this would not be picked up by the spam filter. The filter does not know to remove Ph00f00 valv3 and lets it through. The spelling may look odd but you get the picture.

Check out a l33t translator to come up with your own examples.

Mexid Up Wrdos

Many of you may have seen the e-mail that has been floating about the Internet telling of a recent study that indicated we can still recognize and understand words as long as the first and last letters are correct. It does not matter that the letters in between are all jumbled up. So my FooFoo Valve turns in to FoFooo Vlvae, the spam filter lets it through and you are sending me a money order!

HTML

When you receive and e-mail in HTML format, there is a lot going on in the background of the e-mail that you do not see. There are several tags that can be entered into the HTML e-mail that you would never know where there. For example, if I put F<strong>< /strong>o<strong>< /strong>o<strong>< /strong>F<strong>< /strong>o<strong>< /strong>o<strong>< /strong> V<strong>< /strong>a<strong>< /strong>l<strong>< /strong>v<strong>< /strong>e, your filter would let it through but you would still see FooFoo Valve on your end.

Graphics

Most filters look for words or phrases. They are “blind” to images. So, I can create an image that displays foofoovalve.png and nicely gets past the spam filter without skipping a beat.

Poor Spelling

Poor spelling is a plus for spammers. Words that are spelled incorrect will often get past spam filters. In fact, it is so bad that someone calculated that there are at least 1,300,925,111,156,286,160,896 ways to spell Viagra! So for a spammer FooFooo Velve is a good thing.

Rambling E-Mail

Some spam filters look for ratios of “blacklist” words to “good” words. Spammers have responded by adding text after the original e-mail “sales pitch”. The idea is to reduce the bad to good word ratio. So, for example, if FooFoo is on the blacklist and the ration is set to 1:10, a message of:

FooFoo valves 50% off! Act now!

would get a ratio of 1:6 and be filtered out. But, a message of:

FooFoo valves 50% off! Act now!

Sun Tzu Wu was a native of the Ch`i State.
His ART OF WAR brought him to the notice of Ho Lu, King of Wu.
Ho Lu said to him: “I have carefully perused your 13 chapters. May I submit your theory of managing soldiers to a slight test?”
Sun Tzu replied: “You may.”
Ho Lu asked: “May the test be applied to women?”
The answer was again in the affirmative, so arrangements were made to bring 180 ladies out of the Palace.
Sun Tzu divided them into two companies, and placed one of the King’s favorite concubines at the head of each. He then bade them all take spears in their hands, and addressed them thus: “I presume you know the difference between front and back, right hand and left hand?”
The girls replied: Yes.

would have a ratio of 1:142 and it would get through.

Disguising the Sender

Some domains have been blacklisted as spam domains. Any e-mail that comes from anyone@spamdomain.com is automatically rejected. The spammers bypass this by modifying the e-mail headers so that the e-mail looks like it is coming from yourself or someone else. (If you thing that this is difficult, send me an e-mail and I will send you one back from yourself!)

Conclusion

As we have seen, the battle against spam has just begun. I’ll leave you with the only good spam out there:

If you found this post useful, why don't you buy me a cup of coffee to show your gratitude?

Trackback link - http://www.dailycupoftech.com/spam-filter-busters/trackback/
Tim Fehlman

3 Responses to “Spam Filter Busters”

  1. Brian Says:
    November 22nd, 2006 at 1:16 pm

    I get it now! Thank you so much! I have always wanted to see the spam skit. :)

  2. Tim Fehlman Says:
    November 22nd, 2006 at 1:34 pm

    Brian,

    I’ve always thought the Monty Python had spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! Spam! :)

    Tim

  3. Chandler Says:
    December 8th, 2006 at 8:26 pm

    WordPress Trackback Spam!!!
    I have installed plugins that prevent comment spams, but this won't prevent trackback to be blocked. I've been spam by many
    MFA websites that most probably is from the same network with trackback, but they are not linking me on their website. May I
    know how do they do it and how do I stop it? Without disabling trackback?
    Thanks, and I'm using WordPress.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>