5 Tricks Spammers Use to Get Past Your Filter

Nowadays, just about every organization that uses email has some sort of spam filtering solution in place. If they didn’t, their employees would be under an avalanche of junk mail promoting anything from pharmaceuticals to the promises of instant millions.

Others would find that emails sent to them contain links to malicious websites and attachments containing malware nasty enough to take complete control of their entire computer system.

But while security companies are looking at ways to make their email filtering products even better, spammers, and even legitimate marketing agencies, constantly look at ways to maneuver around the filtering solutions that you put so much time, resources and money into.

So just what are some of the ways that people circumvent the spam filters? 

1. Zombies and botnets.

Spam filters flag IP addresses known to send spam and block messages that come from them. By controlling tens of thousands of zombie computers (or bots), spammers can be assured that a high percentage of them have IP addresses that will not raise a red flag with the spam filters.

After thousands of spam messages have been sent from one address, it may find itself on the bad reputation lists of the spam filters – but by that time the spammer has already found hundreds more zombie computers to take its place.

2. Word Tricks.

For a while, spammers took to using numbers and symbols in place of letters to keep spam filters from picking up on certain signal words in their messages. For example, “buy now” could easily become “buy n0w”, using the zero instead of the letter ‘o’.

Eventually, the spam filters began to recognize this technique and made it harder for spammers to use it to circumvent them. Yet the persistence of the spammer would not let this be more than a simple inconvenience. So instead of numbers and symbols, they turned to foreign alphabets like the one used in Russia, the Cyrillic alphabet.

Certain letters in the Cyrillic alphabet look just like letters in the English alphabet. They are so similar that you would never know the difference by looking at them. However, spam filters don’t actually read your email. They look at the character encoding to determine what the message says. Since the encodings of the characters in the two alphabets are completely different, the filter doesn’t pick up on the fact that the message is actually spam.
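On the filter side, both word tricks can be undone by folding lookalike characters back to the letters they imitate before matching signal words, and by flagging tokens that mix scripts. The following is an added example, not code from the article; the lookalike tables, the signal-word list and the sample message are constructed for illustration.

```python
import re
import unicodedata

# Constructed, deliberately small lookalike tables; a production filter would
# load the full Unicode confusables data instead (assumption).
CYRILLIC_TO_LATIN = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s",
}
LEET_TO_LATIN = {"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t",
                 "@": "a", "$": "s"}
SIGNAL_WORDS = {"buy", "now", "free"}   # constructed signal-word list

def script_of(ch):
    """Return 'latin' or 'cyrillic' for a letter, else None."""
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC"):
        if name.startswith(script):
            return script.lower()
    return None

def skeleton(token):
    """Fold lookalike characters to the Latin letters they imitate."""
    low = token.lower()
    has_letter = any(c.isalpha() for c in low)   # leave pure numbers alone
    folded = (CYRILLIC_TO_LATIN.get(c, c) for c in low)
    return "".join(LEET_TO_LATIN.get(c, c) if has_letter else c for c in folded)

def analyze(text):
    """Return (token, skeleton, mixed_script) for each suspicious token."""
    hits = []
    for token in re.findall(r"[^\s.,!?;:]+", text):
        scripts = {script_of(c) for c in token if c.isalpha()} - {None}
        mixed = len(scripts) > 1
        skel = skeleton(token)
        disguised = skel in SIGNAL_WORDS and skel != token.lower()
        if mixed or disguised:
            hits.append((token, skel, mixed))
    return hits

# Constructed sample: Cyrillic U+0443 in place of 'y', a zero in place of 'o',
# and Cyrillic U+0435 in place of both 'e' characters.
SAMPLE = "Please bu\u0443 n0w, fr\u0435\u0435 gift today"
```

A token that mixes Latin and Cyrillic letters inside one word is worth flagging on its own, since ordinary text in either language rarely does that.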

3. Word salad.

Simply finding a few signal words in a spam message isn’t enough to send it to the junk mail box. If that were the case, the false positive rates of even the best filtering solutions would be too high for use in any organization.

What really happens is that the number of signal words is measured against the number of “good” words in the message. If the ratio is at an acceptable number, then the message is allowed to be delivered. So to help keep that ratio at an acceptable level, some spammers will toss a bunch of good words into the content of their message. Even if these words have nothing to do with the message, they are included for the sole purpose of beating your spam filter.

4. Tiny URLs.

URL shortening services are great for things like Twitter where character counts are limited. They even help send extremely long URLs to people via email.

Since spam filters are taught to look at URLs as well, any address that points to a malicious website can be caught before a user is tricked into visiting it. However, if that URL is somehow disguised, say by a shortening service, then it could pass through the filter undetected.
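A filter can close this gap by expanding short links before it checks reputation, and by holding links it cannot expand. The following is an added example, not code from the article; the redirect table stands in for following HTTP redirects so the example runs offline, and the blocklist, hostnames under `.example` and the sample message are constructed.

```python
import re
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}   # partial list of shortening services
BLOCKLIST = {"malicious.example"}                # constructed reputation list
# Constructed stand-in for following HTTP redirects (assumption: a real filter
# would request each short URL with automatic redirects disabled).
REDIRECTS = {
    "http://tinyurl.com/abc123": "http://bit.ly/zzz",
    "http://bit.ly/zzz": "http://malicious.example/login",
    "http://t.co/ok": "https://news.example/story",
}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def host(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def expand(url, resolve=REDIRECTS.get, max_hops=5):
    """Follow shortener hops; return (final_url, hops), final_url None if unresolved."""
    hops = 0
    while host(url) in SHORTENERS:
        target = resolve(url) if hops < max_hops else None
        if target is None:
            return None, hops
        url, hops = target, hops + 1
    return url, hops

def verdicts(body):
    """Return (url, final_url, verdict) for every URL found in a message body."""
    results = []
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,)")                  # drop trailing sentence punctuation
        final, _ = expand(url)
        if final is None:
            verdict = "hold"                     # short link could not be expanded
        elif host(final) in BLOCKLIST:
            verdict = "block"
        else:
            verdict = "allow"
        results.append((url, final, verdict))
    return results

# Constructed sample message body.
SAMPLE = ("Reset here: http://tinyurl.com/abc123. "
          "News: http://t.co/ok and http://bit.ly/unknown")
```

The first link passes through two shorteners before reaching the blocklisted host, which is why the expansion loops rather than resolving a single hop.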

5. Email laundering.

One of the most effective ways to bypass top notch email filters is to sanitize the message as much as possible. By avoiding things that trigger the filters, a message can find its way to the promised land of the victim’s inbox.

Spammers study, at great length, the latest technologies in spam detection and develop methods to counteract them.

Making sure the filtering solution your organization implements protects against the first four items on this list is a given, but finding one that stays one step ahead of the spam industry will help keep your users from having to endure junk mail that can harm their computers and cost your company money in the long run.

Written by Jeff


  1. Matt Pollard · March 26, 2012

    What always irritated me is that the “word salad” method of getting past a filter is almost certainly going to raise the less-technological “Bull**** detector” of most people once it reaches a legitimate pair of eyes. It worries me deeply that there are people out there who can read an email that makes no sense and still click malicious links or worse, download attachments.

  2. Ethan Fasbender · March 26, 2012

    I don’t understand why an email marketing manager or someone involved in online marketing would like to employ the services of a URL shortening tool. It looks unprofessional and untidy especially when it is applied to email newsletters or campaign materials. Plus, you’ll not know what it is all about. The good old fashioned hyperlink will tell you what the article or content is all about just by looking at the link itself. No fuss. No wasting of the customers’ time.

    I don’t hate URL shortening services. It’s just that, they have their own use at the right place, for instance in micro-blogging platforms such as Twitter wherein you are limited with characters. But when it is applied in emails, it’s like putting a spaghetti sauce in a fruit salad. It does and will not add up.

  3. KaS · July 25, 2012

    I found this article enlightening but wanted to comment on comments made. Companies sometimes (many times) hire outside their company for someone to advertise for them. Many times they fall for someone who is actually a spammer. Many times the company doesn’t look at how the advertising is done but just the results. Some companies refuse to see it as wrong once they see results they like. The problem is that when you hire a spammer to “advertise” for you, your name gets discredited and flagged as spam. Don’t hire spammers and truly investigate who you hire to advertise your company.

    Also I always wondered about the “word Salad” one as well even though I did suspect it was to get past the spam detectors. Still, I did not know how. I find spam like that more used on forums where search engines will (used to) pick up the links and the more sites linked back to that link the higher it would supposedly be ranked in search engines. This is a tactic that those advertising companies who promise #1 rank in Search engines will do. It is a good idea to do a search on your company to see if who you hired is advertising in a way they would tarnish your company’s name.

  4. HLB · August 30, 2012

    The “Word Salad” spam emails aren’t always as obvious as the gobbledy-gook messages we’ve all seen & laughed at. I’ve seen many messages where the actual spam/advertisement is a series of photos in a table format with links, and the “Word Salad” portion is formatted in a tiny font, i.e. 2 pt, the same color as the background. There may be 1 full page of text when formatted normally but it appears in the email as 2-3 extra lines at the end of the message.
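The hidden-padding variant described in the last comment can be handled on the filter side by scoring only the text a reader would actually see. The following is an added example, not code from the article or its commenters; it measures the share of signal words among all words, treats inline styles with a font size under 6 pt (px handled the same way, as a simplification) or a text colour equal to an assumed white background as hidden, and uses a constructed signal-word list and sample message.

```python
import re
from html.parser import HTMLParser

SIGNAL = {"winner", "free", "viagra"}                # constructed signal-word list
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag

class VisibleText(HTMLParser):
    """Split a message's words into those a reader sees and hidden padding."""
    def __init__(self, background="#ffffff", min_pt=6.0):
        super().__init__()
        self.background, self.min_pt = background, min_pt
        self.stack = []                  # one flag per open element: hidden?
        self.visible, self.hidden = [], []

    def _hides(self, style):
        style = style.lower().replace(" ", "")
        size = re.search(r"font-size:(\d+(?:\.\d+)?)(?:pt|px)", style)
        color = re.search(r"(?<![-\w])color:(#[0-9a-f]{6})", style)
        return bool((size and float(size.group(1)) < self.min_pt)
                    or (color and color.group(1) == self.background))

    def handle_starttag(self, tag, attrs):
        if tag not in VOID:
            inherited = bool(self.stack) and self.stack[-1]
            style = dict(attrs).get("style") or ""
            self.stack.append(inherited or self._hides(style))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        hidden = bool(self.stack) and self.stack[-1]
        words = re.findall(r"[a-z']+", data.lower())
        (self.hidden if hidden else self.visible).extend(words)

def signal_share(words):
    return sum(w in SIGNAL for w in words) / len(words) if words else 0.0

def score(html):
    """Return (share over all text, share over visible text, hidden word count)."""
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    everything = parser.visible + parser.hidden
    return signal_share(everything), signal_share(parser.visible), len(parser.hidden)
# Constructed sample: three visible signal words, forty hidden filler words.
SAMPLE = ('<p>Winner! Free viagra</p><p style="font-size:2pt; color:#FFFFFF">'
          + "meeting report budget schedule " * 10 + "</p>")
```

A large hidden word count is itself a useful signal, since legitimate mail has little reason to carry a page of invisible text.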
