Slashdot Mirror


The Growing Field Guide To Spam Techniques

Aneusomy writes "From ActiveState: 'Compiled by Dr. John Graham-Cumming, a leading anti-spam researcher and member of the ActiveState Anti-Spam Task Force, the ActiveState Field Guide to Spam is a selection of the tricks spammers use to hide their messages from filters, providing examples taken from real-world spam messages.' The hope is that ActiveState and others can contribute to continually expand this guide, so that anti-spam filters improve."

6 of 321 comments

  1. Block spam by ftvcs · · Score: 5, Informative

    I use Thunderbird, and found it to be a good system.
    Before that I used POPFile, but it blocked some good mail. That was reason enough to drop it.

  2. Re:Does not explain purpose of trick by Anonymous Coward · · Score: 5, Informative

    One purpose of hiding text is to fool anti spam filters.

    Let's say that everything between '[/]' is visually hidden. I can send you the message:

    Fre[dom for th]e pen[ and th]is enl[ist l]argement.

    The 'filter' will see:

    Fredom for the pen and this enlist largement.

    The user will see:

    Free penis enlargement.

    Cheers,

    --fred

  3. Re:Does not explain purpose of trick by alistair · · Score: 5, Informative

    I think the purpose is to vary the hidden text to fool anti-spam systems which rely on blocking mail based on signatures of the message body.

    If you send 150,000 messages which say "Free Porn Here", systems such as Brightmail are going to quickly generate one signature for the mail and block most of it. If, however, you have the following example (using the fictional HTML HIDE tag):

    Free [HIDE] from your meeting at 10:30 [/HIDE] porn [HIDE] cate suggested meeting for coffee [/HIDE] here [HIDE] I will be in work late today [/HIDE]

    The message is still displayed in the browser as "Free porn here". However, filters such as those used by Mac Mail and Mozilla may not pick it up as junk because the hidden words look like real email. If you change the hidden sentences every 100 emails then the signature based spam blocking systems won't pick it up as every signature is different and (in this example) you are using real words.

    One of the best solutions to this I have seen is KMail; this displays HTML mail as text and you can click a button to then render as HTML. This doesn't stop the spam, but does give you the ability not to see many images you would rather not see at 10am on a Monday morning and allows you to stop web bugs (HTML code in images which can be used to indicate successful message delivery).
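
The two comments above describe text that the reader never sees but the filter does. The sketch below is an added example, not code from the thread or from any filter named in it: it extracts only the displayed text before tokenising or hashing, so varying hidden filler no longer changes the signature. It assumes real HTML hiding mechanisms (inline CSS and HTML comments) in place of the fictional HIDE tag, and the helper names and sample messages are constructed for illustration.

```python
import hashlib
import re
from html.parser import HTMLParser

# Added example (names are illustrative). Inline styles that hide text; not exhaustive.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])", re.I)
VOID = {"br", "hr", "img", "input", "link", "meta"}  # elements with no end tag

class VisibleText(HTMLParser):
    """Collect only the text a mail client would actually display."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []   # (tag, hidden) for every open element
        self.parts = []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        inherited = bool(self.stack) and self.stack[-1][1]
        own = tag in ("script", "style") or bool(HIDDEN.search(dict(attrs).get("style") or ""))
        self.stack.append((tag, inherited or own))

    def handle_endtag(self, tag):
        names = [t for t, _ in self.stack]
        if tag in names:  # also closes any unclosed children
            del self.stack[len(names) - 1 - names[::-1].index(tag):]

    def handle_data(self, data):
        if not (self.stack and self.stack[-1][1]):
            self.parts.append(data)
    # HTML comments reach handle_comment(), a no-op here, so they are dropped.

def visible_text(html):
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    return " ".join("".join(parser.parts).split())

def naive_text(html):
    """What a filter sees if it only strips tags and keeps all text."""
    return " ".join(re.sub(r"<[^>]+>", "", html).split())

def signature(text):
    return hashlib.sha256(text.lower().encode()).hexdigest()

# Constructed samples: filler sentences from the comment, neutral visible wording.
V1 = 'Free <span style="display:none">from your meeting at 10:30</span> offer <!-- cate suggested meeting for coffee --> here'
V2 = 'Free <span style="visibility:hidden">I will be in work late today</span> offer <!-- see you at lunch --> here'
SPLIT = 'Fre<span style="display:none">sh bread for th</span>e off<span style="font-size:0px">ice hours and lat</span>er'
```

`signature(V1)` and `signature(V2)` differ, while `signature(visible_text(V1))` and `signature(visible_text(V2))` are identical; `naive_text(SPLIT)` contains no token "Free", but `visible_text(SPLIT)` does.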

  4. Re: SPAM by Anonymous Coward · · Score: 5, Informative

    The official meaning of SPAM in terms of the Internet is "Self Promotional Advertising Message."

    Rubbish - that's an acronym after the fact. The real meaning is that receiving that sort of message is as annoying as having a bunch of Vikings shouting "spam, spam, spam, spam" and drowning out your conversation. Anyone tells you different, they're a n00b to the net and you should ignore them.

  5. Re:"Tricks?" by DazzaJ · · Score: 5, Informative

    Hormel Foods has this to say on the subject:

    "We do not object to use of this slang term to describe UCE (unsolicited commercial email), although we do object to the use of our product image in association with that term. Also, if the term is to be used, it should be used in all lower-case letters to distinguish it from our trademark SPAM, which should be used with all uppercase letters."

    so....

    "SPAM" is Pork and Ham
    "spam" is unsolicited email

    "SPAM SPAM SPAM SPAM
    SPAM SPAM SPAM SPAM
    Lovely SPAM, wonderful SPAM!"
    is a Monty Python song

  6. Avoiding spam of all kinds by doodleboy · · Score: 4, Informative

    This will all be blindingly obvious to most readers of /., but just for the record:

    Don't use your personal email address for anything online. Don't post to Usenet with it, don't use it to register for anything, don't ever use it where there's any chance of it being sold to a third party or picked up by a web crawler. Use a free throwaway web-based account like Hotmail or Yahoo, that's what they're for. I have a verizon.net primary email address, and I've never received a single piece of spam from it.

    However, I still have a forward-only email address from my university circa 1992. Back then, there was no spam and that address has to be on every spammer's list on the planet. I still get a legitimate email every year or two, but spam outnumbers these by at least 10,000 to 1. SpamAssassin does a surprisingly good job of identifying the garbage.

    I also use a proxy to surf the web, as well as a large hosts file that reroutes requests to adservers to 127.0.0.1:80, combined with a utility that returns a transparent 1x1 GIF to any request on port 80. And of course I use Mozilla to block pop-ups and whatnot. I'm so used to surfing in this way that I always recoil in horror when I have to use IE on a naked, unprotected box. How on earth can anyone stand it?

    As for more traditional types of spam such as telemarketers, there's the national do not call list. It's free, so there's nothing to lose. You'll also want to check out the many excellent resources at the Junkbusters website. One of the most useful features is a Junkbusters Declare page, which builds custom form letters for you that you can use to opt out of Direct Marketing Association junk mail, as well as telling your financial institutions, etc., not to sell your name to third parties. I used it, it's painless, and my privacy is protected.

    Of course, it would be much better if we didn't have to jump through hoop after hoop just to get through the day without being pestered by morons.