Computing Center

  1. Home
  2. Electronics & Gadgets
  3. Computing Center

How Spam Slips Past Your Defenses

Beware of slimy spam strategies.

Andrew Brandt

Andrew Brandt is a senior associate editor for PC World. You can send him e-mail at consumerwatch@pcworld.com


Illustration by Mark Matcho

ISPs are smarter than ever about eliminating spam before it gets to your inbox. And when a new ad for discount toner or prescription drugs does make it through, you quickly tell your spam filter that it's junk. So how come you're still getting so much of the garbage?

The answer is that as hard as the good guys are working to stop spam, spammers seem to be working even harder to create new armies of crafty, supervirulent messages that manage to slip through where they're least wanted. One technique involves simple trial-and-error. Spammers open their own e-mail accounts with the major ISPs and then send trial messages to their accounts to see what gets through. If one version gets caught by the ISP's spam filter, they tweak the wording--for example, with creative misspellings of keywords (V1@gr@ instead of Viagra, say), until they assemble a combination that bypasses many spam filters.

Spammers also try to manipulate the spam-filtering mechanism. One technique is to join community-based spam-filter networks. These kinds of networks, used by antispam firm Cloudmark's SafetyBar and by AOL's built-in spam filter, create new filtering rules based on which messages the network's members block and which ones they allow into their inboxes. If most members label an e-mail as spam, the filters will stop it; but if lots of members say they want to see a message, the filter adjusts to let it through. So spammers sign up for hundreds of accounts, and when the spam messages they crafted are caught in the filter, they choose the "Deliver" button, signaling that the message wasn't spam.

Vipul Ved Prakash, Cloudmark's founder and chief scientist, says "We have 25,000 accounts trying to abuse the system." These tricks don't usually work, Prakash says. Users earn a "trust" score based on how well their judgments agree with those of the community as a whole, and spammers who try to game the system stick out like sore thumbs, he says.

Cloudmark may have largely shut down this particular trick, but there is no shortage of spammers trying new ones. When swarms of cockroaches look for ways to enter a well-stocked pantry, the chances are good that some will succeed.--Andrew Brandt

Explore Computing Center

More from About.com

Browse All About.com

Computing Center

  1. Home
  2. Electronics & Gadgets
  3. Computing Center
  4. Internet & Networking
  5. E-Mail
  6. Spam
  7. How Spam Slips Past Your Defenses

©2008 About.com, a part of The New York Times Company.

All rights reserved.