
Staunching spam

An IT pro talks about the tricks spammers use to evade anti-spam filters and recommends countermeasures.

By Network World Staff, Network World
September 15, 2003 12:09 AM ET

Network World - Anti-spam systems can help reduce the onslaught of unwanted e-mail, but wily spammers are a step ahead with new tricks for evading filtering software and devices. Network World recently asked its own senior network engineer, Peter Hebenstreit, for insight into what IT executives can do to keep spam out of corporate in-boxes.

How do spammers get past the systems most companies have employed to stop spam?

There is a way around most every method of blocking spam - at least today - and, sadly, many companies don't, or won't, employ the resources required to block spam. If you do try to block, here are some of the ways that spammers get past basic filters: The first is HTML comment fields. By breaking up the content of the e-mail into what appears as gibberish to the human eye, an HTML message can sneak through filters with no problems and still deliver its message to your users.

Take a common example: e-mail regarding the sale of Viagra. We all block on the word Viagra, but if in the HTML source is <!--xyzx-->v<!--xyad23-->i<!--acijadf-->a<!--kljadf-->g<!--90234-->r<!--234jkaljds-->a<!--asdfjea-->, a basic program is not going to realize that this source will display the word Viagra.

The other primary way they bypass basic filters is to create a message with a .jpg or .gif image with text embedded in the image, rather than including text. I see this most often in pornography and insurance offers. Basic content filtering does not work in this case. The latest revisions of most anti-spam software are capable of looking for these characteristics within e-mail messages, whereas older filters looked strictly at text content. There are also applications that use advanced algorithms that go deeper into the e-mail to track the patterns of spam, and hopefully learn or update themselves as spam is received by corporate mail gateways. And further, there are applications that can take a snapshot of spam and look for identical or similar e-mails and stop them.

An almost-surefire way to avoid spam, or at least make it very easy for an anti-spam application to catch, would be to only accept text messages, but that is usually unrealistic in today's e-mail communication. It would not eliminate the problem, but spam could be flagged more easily by even the lowest level anti-spam application.
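
The two evasions described in the answer above can be checked for on the filtering side by matching against the text a mail client would render rather than the raw HTML source. The following is an added example, not part of the interview or of any product it mentions; the blocklist, the 20-character threshold, the function names and the sample messages are all assumptions made for illustration.

```python
from html.parser import HTMLParser

BLOCKED_WORDS = {"viagra"}  # constructed blocklist, using the article's example word


class VisibleText(HTMLParser):
    """Collects the text a mail client would display and counts images."""

    def __init__(self):
        super().__init__()
        self.chunks = []
        self.images = 0
        self._hidden = 0  # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
        elif tag in ("script", "style"):
            self._hidden += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._hidden:
            self._hidden -= 1

    def handle_data(self, data):
        if not self._hidden:
            self.chunks.append(data)
    # handle_comment keeps its default no-op, so <!-- ... --> content is dropped.


def inspect_html(body, min_text_chars=20):
    """Return the rendered text, blocklist hits, and an image-only flag."""
    parser = VisibleText()
    parser.feed(body)
    parser.close()
    text = "".join(parser.chunks)  # letters split by comments rejoin here
    lowered = text.lower()
    hits = sorted(w for w in BLOCKED_WORDS if w in lowered)
    # min_text_chars is an assumed threshold: an image with almost no text.
    image_only = parser.images > 0 and len(text.strip()) < min_text_chars
    return {"text": text, "keyword_hits": hits, "image_only": image_only}


# Constructed samples: the comment-split word from the article, and an image-only body.
SAMPLE_COMMENTS = ("<html><body>Buy <!--xyzx-->v<!--xyad23-->i<!--acijadf-->a"
                   "<!--kljadf-->g<!--90234-->r<!--234jkaljds-->a<!--asdfjea--> now</body></html>")
SAMPLE_IMAGE = '<html><body><img src="offer.gif"></body></html>'

if __name__ == "__main__":
    print(inspect_html(SAMPLE_COMMENTS))
    print(inspect_html(SAMPLE_IMAGE))
```

The image-only flag is a signal for scoring or quarantine rather than a verdict, since the text inside the image is never read.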

What are the most common mistakes companies make that make it easier for spammers to plague them?

Outside of distributing e-mail addresses so that spammers' lists get larger, it's an issue of training users on how to deal with spam. Once a user legitimizes his e-mail address there is no hope to ever get off spam lists. There is no avoiding spam, there is only a course of action to take once you receive it: You can hit the delete key, or you can report the supposed sender to their ISP. Both are extremely costly, both on the network appliances and the time employees spend dealing with it.

Also, companies need to utilize some type of anti-spam software. Blacklists are not enough to stop spam because there are ways around them. Out of the box, products with almost no administration easily can stop 70% of spam these days. Although you have to pay for the software, most anyone can justify the investment by the cost-savings.
