5 Tricks Spammers Use to Get Past Your Filter
Written by Jeff on March 22, 2012
Nowadays, just about every organization that uses email has some sort of spam filtering solution in place. If they didn’t, their employees would be under an avalanche of junk mail promoting anything from pharmaceuticals to the promises of instant millions.
Others would find that emails sent to them contain links to malicious websites and attachments containing malware nasty enough to take complete control of their entire computer system.
But while security companies are looking at ways to make their email filtering products even better, spammers, and even legitimate marketing agencies, constantly look at ways to maneuver around the filtering solutions that you put so much time, resources and money into.
So just what are some of the ways that people circumvent the spam filters?
1. Zombies and botnets.
Spam filters flag IP addresses that are known to send out spam, and messages sent from those addresses are blocked. By controlling tens of thousands of zombie computers (or bots), spammers can be assured that a high percentage of them have IP addresses that will not raise a red flag with the spam filters.
After a zombie has sent out thousands of spam messages from its one address, that address may find itself on the bad reputation lists of the spam filters – but by that time the spammer has already found hundreds more zombie computers to take its place.
2. Word Tricks.
For a while, spammers took to using numbers and symbols in place of letters to keep spam filters from picking up on certain signal words in their messages. For example, “buy now” could easily become “buy n0w”, using a zero instead of the letter ‘o’.
Eventually, the spam filters began to recognize this technique and made it harder for spammers to use it to circumvent them. Yet the persistence of the spammer would not let this be more than a simple inconvenience. So instead of numbers and symbols, they turned to foreign alphabets like the one used in Russia, the Cyrillic alphabet.
Certain letters in the Cyrillic alphabet look just like letters in the English alphabet. They are so similar that you would never know the difference by looking at them. However, spam filters don’t actually read your email. They look at the character encoding to determine what the message says. Since the encodings of the characters in the two alphabets are completely different, the filter doesn’t pick up on the fact that the message is actually spam.
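An added example, not part of the original article, of how a filter can counter both substitutions described in this section: it folds look-alike characters back to the Latin letter they imitate before matching signal phrases, and flags tokens that mix alphabets. The confusables map, signal phrases and sample messages are small constructed samples, and the function names are hypothetical.

```python
import unicodedata

# Constructed subset of look-alikes; a production filter would load a full confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic a, e, o, er
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",  # Cyrillic es, u, ha, i
    "0": "o", "1": "l", "3": "e", "5": "s", "@": "a", "$": "s",  # digit and symbol swaps
}
SIGNAL_PHRASES = ("buy now", "free money")  # constructed signal phrases


def script_of(ch):
    """Coarse script label for a letter, taken from its Unicode name (LATIN, CYRILLIC, ...)."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def mixed_script_tokens(text):
    """Tokens whose letters come from more than one script."""
    flagged = []
    for token in text.split():
        scripts = {script_of(c) for c in token} - {None}
        if len(scripts) > 1:
            flagged.append(token)
    return flagged


def fold(text):
    """Lower-case the text and map look-alikes to the Latin letter they imitate."""
    text = unicodedata.normalize("NFKC", text).lower()
    return "".join(CONFUSABLES.get(c, c) for c in text)


def scan(text):
    """Compare a raw keyword match with a match on the folded text."""
    naive = [p for p in SIGNAL_PHRASES if p in text.lower()]
    folded = [p for p in SIGNAL_PHRASES if p in fold(text)]
    return {"naive": naive, "folded": folded, "mixed_script": mixed_script_tokens(text)}


# Constructed sample messages: a digit swap, then a Cyrillic 'o' (U+043E) inside "now".
SAMPLES = ["Buy n0w and save", "buy n\u043ew"]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(repr(msg), scan(msg))
```

Folding digits also rewrites real numbers, so the folded text should be used only for phrase matching, and a mixed-script token is better treated as a score contribution than as a verdict on its own.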
3. Word salad.
Simply finding a few signal words in a spam message isn’t enough to send it to the junk mail box. If that were the case, the false positive rates of even the best filtering solutions would be too high for use in any organization.
What really happens is that the number of signal words is measured against the number of “good” words in the message. If the ratio is at an acceptable number, then the message is allowed to be delivered. So to help keep that ratio at an acceptable level, some spammers will toss a bunch of good words into the content of their message. Even if these words have nothing to do with the message, they are included for the sole purpose of beating your spam filter.
4. Tiny URLs.
URL shortening services are great for things like Twitter where character counts are limited. They even help send extremely long URLs to people via email.
Since spam filters are taught to look at URLs as well, any address that points to a malicious website can be caught before a user is tricked into visiting it. However, if that URL is somehow disguised, say by a shortening service, then it could pass through the filter undetected.
5. Email laundering.
One of the most effective ways to bypass top-notch email filters is to sanitize the message as much as possible. By avoiding things that trigger the filters, a message can find its way to the promised land of the victim’s inbox.
Spammers study, at great length, what the latest technologies in spam detection are and develop methods to counteract them.
Making sure the filtering solution your organization implements helps to protect against the first four items on this list is a given, but finding one that stays one step ahead of the spam industry will help keep your users from having to endure junk mail that can harm their computers and cost your company money in the long run.