Spam: a cunning (and annoying) approach

I've had a few emails recently get through my network of filters, and have been wondering how they managed it, as they used words that would trigger any spam filter, and all seem to have exactly the same text. (I do have a strange soft spot for the innovative and amusing kind of spam, but nobody wants thousands of identical emails promoting products one would never buy).

I just became annoyed enough to fiddle with the filters to stop them, and by checking the source, discovered why they had made it through.

Spam filters that filter primarily on content work by reading your email, looking for suspicious strings of letters. The spammers had got round this by adding random letters in the middle of all possibly-contentious words - so for example: Vibtlagnmbra. The random letters are different for every email, so the letter string is always different and cannot be filtered out.

Then they used HTML to colour the excess letters white, make them very small and float them away to the right margin, so that the message looked the same to the human user.

This is awfully cunning. And awfully irritating.

OK, I could turn off rendering HTML in emails, but this wouldn't stop the spams, it would just render them unreadable. I could filter out all HTML emails. But I don't want to do that, I get HTML emails that I do want to read.

I could do more validation of the sender's email address - but I don't really want to do that, because many spams come from genuine, valid addresses that are being forged. In a perfect world, there would be better systems for validating who sends emails so that I could be sure that an email coming from a different IP or SMTP server was spam, but sadly, that's not the case.

I do get HTML emails from odd-looking SMTP servers and varying IPs that I actually want to read, and the process of validating addresses using an SPF record is sufficiently complex that I can be pretty sure that many of the people who send me email will not be able to do that.

In the meanwhile, I've settled for filtering on the code that hides text and floats it to the right. This isn't a great way of doing things, as it's possible that a valid email might also contain that code, and also I can think of quite a number of permutations on this technique using different code - but it is the best 'least likely to lose desired mails' approach I can think of.
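An added example, not part of the original post: a Python sketch of this kind of filter that drops text inside elements styled to be invisible, then runs the word check on what a human reader would actually see. The style patterns, the sample messages and the blocklist word "widgets" are constructed for illustration, and other hiding techniques would need their own patterns.

```python
import re
from html.parser import HTMLParser

# Inline-style tricks described above (assumed variants; not exhaustive).
HIDING = re.compile(
    r"(?<![-\w])color\s*:\s*(white|#fff(fff)?)\b"  # white text, not background-color
    r"|font-size\s*:\s*[0-2](\.\d+)?\s*(px|pt)"    # very small text
    r"|float\s*:\s*right",                         # pushed to the right margin
    re.I,
)
VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag

class VisibleText(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []    # one flag per open element: inside a hidden element?
        self.visible, self.hidden = [], []

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack and self.stack[-1])
        self.stack.append(inherited or bool(HIDING.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        hidden = bool(self.stack and self.stack[-1])
        (self.hidden if hidden else self.visible).append(data)

def scan(html, blocklist):
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    visible = "".join(parser.visible)
    words = set(re.findall(r"[a-z]+", visible.lower()))
    return {
        "naive": re.sub(r"<[^>]+>", "", html),  # what a tag-stripping filter reads
        "visible": visible,                      # what the recipient reads
        "hidden_runs": len(parser.hidden),       # count of concealed text runs
        "hits": sorted(words & blocklist),
    }

# Constructed samples: one obfuscated message, one legitimate HTML mail.
SPAM = ('<p>Buy wid<span style="color:#ffffff;font-size:1px;float:right">'
        'xqz</span>gets now</p>')
LEGIT = ('<p style="background-color:white">Quarterly '
         '<span style="color:red">widgets</span> report</p>')
```

Scoring on `hidden_runs` together with `hits`, rather than on the styling alone, keeps a legitimate mail that happens to use one of these properties from being rejected outright.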

However, I suspect that ISPs handling vast amounts of email traffic will go instead for the validate sender approach - thus ensuring that genuine emails become even less likely to be reliably delivered than they are now.

Hum. It is annoying that spammers insist on muddying their own water in this way. If they could just be a bit more restrained about it, then people would put up with them, but this sort of thing will eventually end up killing email, and driving people to more validated but less private and less universal messaging systems such as the various social media sites.



( 5 comments — Leave a comment )
(Deleted comment)
10th Dec, 2009 13:47 (UTC)
HTML emails are a bad idea.

That horse has long bolted :-(. You can't block them, and you can't set them to not render, because just too many people send messages in that format by default.

I have one client who has a corporate email system that strips css - not all HTML, just css - and it causes all sorts of bother on a day to day level.
(Deleted comment)
10th Dec, 2009 14:40 (UTC)
HTML not rendering - would be nice. Problem is that so many people expect to be able to forward formatted stuff and have you understand it - for example, the other day I got a mail forwarded via my css-stripping client, with instructions to 'substitute in the red text' - of course, the red had vanished with the css, cue running about and wibbling...

Or people forwarding newsletters 'can you do something like that only purple' etc, etc... Or they embed an image inline or even set it as a background rather than attaching it, without knowing the difference, and the image contains some vital detail, and obviously they sent it late on Friday afternoon and expected it to be actioned by Monday...

Thunderbird - I know what you mean. I just cannot find an email client I really like, I've tried a bunch and keep coming back to Eudora, even though development on Eudora is dead as a doornail and I have a horrible feeling that it won't run under Windows 7 :-(
(Deleted comment)
10th Dec, 2009 17:52 (UTC)
LOL, sigisgrim channels the spirit of... when would it be, 1996 maybe?

My maternal grandfather became an electrician in the 1930s ('it is the coming thing' he told his small daughter). I like to imagine him ranting about the foolishness of the hoi polloi replacing their own lightbulbs and fuses.
12th Dec, 2009 22:04 (UTC)
Ooh, does Turnpike not play nicely with Windows 7? That's another reason to stick with XP, then. I love Turnpike (even though I parted company with Demon years ago) for many reasons, including the ones you mention.
(Deleted comment)
15th Dec, 2009 06:24 (UTC)
Thanks, that's useful to know. I don't think I want to mess around with virtual machines, to be honest.

I do like Turnpike's design. I shouldn't be surprised at how rare a good clean user interface is, but I had a day's training course on our school database system yesterday, and was horrified at how cobbled-together it felt for such an expensive bit of software. Almost every screen has its own unique way of doing things, and they were all inconsistent. Aaaaargh!

