The top 10 spam characteristics (#6-10)

Posted by Deborah on September 27, 2006 in Anti spam

Even though some spam messages are hard to distinguish from legitimate emails, most spam mails include ‘tell-tale’ signs that can be used to filter them out. In the next few days I will be discussing the Red Earth Software list of current top 10 spam characteristics and how they can be used to detect spam. Remember that these spam characteristics must not be used in isolation, since some characteristics can also be present in legitimate mails. Therefore it is important to use a weighting system that provides an individual score for each spam characteristic. If a message includes several spam characteristics and reaches a ‘spam threshold’, the email can safely be considered spam.

I have numbered each spam characteristic according to the frequency with which it is found in today’s spam mails, where #1 is the spam characteristic that Red Earth Software found to be most common. Today I am posting #10 through #6. Keep a look out for the top 5 coming soon in this blog.

#10. Illegal HTML exists: Some spam messages include a code for identification in the text of the message. The text is entered outside the HTML tags so as to hide the code from the recipient. There is no legitimate reason to add text outside HTML tags, so the mere presence of illegal HTML can be treated as suspicious.

#9. Message body contains small font size: In order to circumvent Bayesian filters and filters that block messages with only images, spammers enter ‘normal’ text at the bottom of the message in order to appear legitimate. Some spammers include this text in small font size.

#8. Message subject contains email address or recipient name: Either the complete email address or part of the email address (the part before the domain) is added to the subject in order to personalize the message and trick the recipient into thinking that it is a legitimate message. For legitimate mails there is no reason to enter the recipient’s email address in the subject, so the presence of this is a pretty sure sign of spam.

#7. Message body is base64 encoded: Spammers use base64 to encode the message headers and body so that spam filters are not able to read the content and perform any filtering. Most email clients will decode the message so that the message can still be read by the recipient.

#6. Sender address contains number or character sequence: Spammers use automated programs to register thousands of email addresses. Since they are generated in bulk, they often include number or character sequences such as FRfJIrqOpV@hotmail.com or bob36189624@gmail.com. At first spammers used number sequences, but when most spam filters started to block these types of addresses, they changed to using character sequences, which are harder to detect.
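
The weighting approach from the introduction, applied to characteristics #6 through #10, as an added example that is not part of the original post or Red Earth Software's product. The weights, the threshold, the detection heuristics and the two sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed weights and threshold; the post gives no numeric values.
WEIGHTS = {"illegal_html": 2.0, "small_font": 1.5, "rcpt_in_subject": 2.5,
           "base64_body": 1.0, "sender_sequence": 1.5}
THRESHOLD = 5.0

def sender_sequence(local):
    """#6 heuristic: 5+ digit run, or letters-only with many case switches."""
    if re.search(r"\d{5,}", local):
        return True
    switches = sum(a.islower() != b.islower() for a, b in zip(local, local[1:]))
    return local.isalpha() and len(local) >= 8 and switches >= 4

def score(raw):
    """Return (total, matched characteristics, is_spam) for a raw message."""
    msg, hits = message_from_string(raw), set()
    sender = parseaddr(msg.get("From", ""))[1]
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    subject = msg.get("Subject", "").lower()
    if sender_sequence(sender.split("@")[0]):
        hits.add("sender_sequence")
    if rcpt and re.search(rf"\b{re.escape(rcpt.split('@')[0])}\b", subject):
        hits.add("rcpt_in_subject")  # #8: local part also matches a full address
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        if part.get("Content-Transfer-Encoding", "").strip().lower() == "base64":
            hits.add("base64_body")  # #7: weak signal on its own
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        if part.get_content_subtype() != "html":
            continue
        m = re.search(r"<html\b.*</html\s*>", body, re.I | re.S)
        if m and re.sub(r"<[^>]*>", "", body[:m.start()] + body[m.end():]).strip():
            hits.add("illegal_html")  # #10: text outside the <html> element
        if re.search(r"font-size:\s*[0-3](px|pt)\b|<font[^>]*size=[\"']?1\b", body, re.I):
            hits.add("small_font")  # #9: 0-3 px/pt or <font size=1>
    total = sum(WEIGHTS[h] for h in hits)
    return total, sorted(hits), total >= THRESHOLD

# Constructed sample messages (not real mail).
SPAM = ("From: bob36189624@gmail.com\nTo: alice@example.com\n"
        "Subject: alice, your order is ready\nContent-Type: text/html\n\n"
        '<html><body><span style="font-size:1px">weather notes</span></body></html>\nxq7z91k\n')
LEGIT = ("From: carol@example.org\nTo: alice@example.com\nSubject: Minutes\n"
         "Content-Type: text/plain\nContent-Transfer-Encoding: base64\n\nSGVsbG8gQWxpY2U=\n")
print(score(SPAM), score(LEGIT))
```

The base64-encoded legitimate message matches one characteristic and stays below the threshold, while the spam sample accumulates four and crosses it.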
