
January 28, 2006

EMAIL Hell - Just In Case You're Confused by All the HIs

by Ferdinand T Cat

For about a week or two, we've been getting a new kind of EMAIL spam. It uses a standard trick to fool the spam filters, but it's noticeable because they botched the execution.

The heart of most spam filters is an examination of the words used in the EMAIL. The engine uses a probability trick called Bayesian analysis. The spam filter scans the message to produce a list of properties X based on criteria that are useful in distinguishing spam from legitimate mail. It then looks in a database and asks itself what percentage of messages with properties X are spam and what percentage of spam messages have properties X. The Bayesian formula then tells the filter how likely it is that this new message is spam. The advantage of Bayesian analysis is that it's always adapting to new information. When the program makes a mistake, you tell it, and the information is added to its database, which makes the filter smarter.
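The scoring and feedback loop described above, as an added example (not code from this post or from any particular filter). It assumes a naive Bayes model over word tokens; the class name, training messages and sample mail are constructed for illustration.

```python
import math
import re
from collections import Counter

class BayesFilter:
    def __init__(self):
        # token -> number of messages of that class containing it
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.totals = {"spam": 0, "ham": 0}  # messages seen per class

    @staticmethod
    def tokens(text):
        # The "properties X": the distinct lowercase words in the message.
        return set(re.findall(r"[a-z0-9$']+", text.lower()))

    def train(self, text, label):
        # Initial training and later corrections both update the database.
        self.totals[label] += 1
        self.counts[label].update(self.tokens(text))

    def spam_probability(self, text):
        # Bayes' rule in log space: P(spam|X) is proportional to P(spam) * P(X|spam).
        score = {}
        for label in ("spam", "ham"):
            prior = (self.totals[label] + 1) / (sum(self.totals.values()) + 2)
            # Add-one smoothing keeps unseen words from zeroing the product.
            score[label] = math.log(prior) + sum(
                math.log((self.counts[label][t] + 1) / (self.totals[label] + 2))
                for t in self.tokens(text))
        peak = max(score.values())
        w = {k: math.exp(v - peak) for k, v in score.items()}
        return w["spam"] / (w["spam"] + w["ham"])

# Constructed training mail, not taken from the post.
TRAINING = [
    ("cheap mortgage rates apply now", "spam"),
    ("win cash now click here", "spam"),
    ("lunch meeting moved to friday", "ham"),
    ("draft of the budget report attached", "ham"),
]

def demo():
    f = BayesFilter()
    for text, label in TRAINING:
        f.train(text, label)
    missed = "refinance your home loan today"  # constructed; shares no words with TRAINING
    before = f.spam_probability(missed)        # filter has no evidence either way
    f.train(missed, "spam")                    # user reports the miss
    return before, f.spam_probability(missed), f.spam_probability("budget meeting friday")
```

`demo()` returns the score of the missed message before and after the user's correction, plus the score of an ordinary message, so the effect of one piece of feedback on the database is visible directly.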

Spammers have been adding nonsense words to their EMAILs for years in order to fool Bayesian spam filters. Early on, they tried converting messages to images so there would be no words for the filter to analyze. The filters retaliated by assigning a high penalty for a message that's all image and no text.

The new kind of EMAIL spam we've been getting has the real message coded as an image plus a string of nonsense words in tiny type to defeat the Bayesian analysis. The problem is, they've made a mistake in the HTML to display the image: an extra equal sign. The spam filter doesn't catch the mail because it gets confused by the bad HTML. You don't see the ad, though, because-- yes, you guessed it-- the EMAIL reader gets confused by the bad HTML. What you see is the thing below.

[Image: BadSpam.gif]

I actually think this is a positive development. For the second time in as many weeks, the spammers have defeated our filtering system by making it impossible to find out what they're advertising. From there, it's only a small step to the trick we're all hoping they try: not sending the mail in the first place.

Respectfully submitted,

Ferdinand T. Cat



Comments

Hats off to the spammers. Their brilliance leaves me speechless. OK, it actually leaves me saying things like "if grass mor.tgag3 filibuster truck garment" - but I think that's close enough.

One question: do you think they could teach this trick to the people who send junk mail to my house?


Posted by: The Random Yak at January 28, 2006 1:04 PM

One giant step for spamkind? Think about how much time we could save without spam!


Posted by: Greta (Hooah Wife) at January 28, 2006 7:41 PM
