The Growing Field Guide To Spam Techniques

← Back to Stories (view on slashdot.org)

The Growing Field Guide To Spam Techniques

Posted by timothy on Tuesday July 22, 2003 @11:41PM from the one-step-behind-is-better-than-brain-death dept.

Aneusomy writes "From Activestate: 'Compiled by Dr. John Graham-Cumming, a leading anti-spam researcher and member of the ActiveState Anti-Spam Task Force, the ActiveState Field Guide to Spam is a selection of the tricks spammers use to hide their messages from filters, providing examples taken from real-world spam messages.' The hope is that Activestate and others can contribute to continually expand this guide, so that anti-spam filters improve."

5 of 321 comments (clear)

Min score:

Reason:

Sort:

Block spam by ftvcs · 2003-07-22 23:50 · Score: 5, Informative

I use Thunderbird, and found it to be a good system.
Before I used PopFile but he blocked some good mails. That was reason enough to drop it..
Re:Does not explain purpose of trick by Anonymous Coward · 2003-07-23 00:04 · Score: 5, Informative

One purpose of hiding text is to fool anti spam filters.

Let's say that everything between '[/]' is visually hidden. I can send you the message:

Fre[dom for th]e pen[ and th]is enl[ist l]argement.

The 'filter' will see:

Fredom for the pen and this enlist largement.

The user will see:

Free penis enlargement.

Cheers,

--fred
Re:Does not explain purpose of trick by alistair · 2003-07-23 00:08 · Score: 5, Informative

I think the purpose is to vary the hidden text to fool anti-spam systems which rely on blocking mail based on signatures of the message body.

If you send 150,000 messages which say "Free Porn Here" systems such as Britemail are going to quickly generate one signature for the mail and block most of it. If however you have the following example (using the fictional HTML HIDE tag)

Free [HIDE] from your meeting at 10:30 [/HIDE] porn [HIDE} cate suggested meeting for coffee [/HIDE] here [HIDE] I will be in work late today [/HIDE}

The message is still displayed in the browser as "Free porn here". However, filters such as those used by Mac Mail and Mozilla may not pick it up as junk because the hidden words look like real email. If you change the hidden sentences every 100 emails then the signature based spam blocking systems won't pick it up as every signature is different and (in this example) you are using real words.

One of the best solutions to this I have seen is KMail, this displays HTML mail as text and you can click a button to then render as HTML. This doesn't stop the spam, but does give you the abaility not to see many images you rather wouldn't at 10am on a Monday morning and allows you to stop web bugs (HTML code in images which can be used to indicate successful message delivery).
Re: SPAM by Anonymous Coward · 2003-07-23 00:29 · Score: 5, Informative

The official meaning of SPAM in terms of the Internet is "Self Promotional Advertising Message."
Rubbish - that's an acronym after the fact. The real meaning is that receiving that sort of message is as annoying as having a bunch of Vikings shouting "spam, spam, spam, spam" and drowning out your conversation. Anyone tells you different, they're a n00b to the net and you should ignore them.
Re:"Tricks?" by DazzaJ · 2003-07-23 00:32 · Score: 5, Informative

Hormel Foods has this to say on the subject

"We do not object to use of this slang term to describe UCE (unsolicited commercial email), although we do object to the use of our product image in association with that term. Also, if the term is to be used, it should be used in all lower-case letters to distinguish it from our trademark SPAM, which should be used with all uppercase letters."

so....

"SPAM" is Pork and Ham
"spam" is unsolicited email

"SPAM SPAM SPAM SPAM
SPAM SPAM SPAM SPAM
Lovely SPAM, wonderful SPAM!"
is a Monty Python song