How to detect Advanced Spam Mails
Email service providers and security companies work on technologies round the clock to identify and filter out spam messages before they land in the user's inbox.
People who send millions of spam messages per day do much the same thing, except that they create new technologies to bypass the filters. It is a cat-and-mouse game.
I would like to show you some examples from my personal mail folder and analyze the latest image spam trends.
Many spam filters concentrate their efforts on blacklists and the text that the spam mails contain. Spam that is not caught immediately will be caught in the future if the user marks that mail as spam. Language and keyword filters and white lists do their part and reduce spam and false positives.
Image spam on the other hand is on the rise because of several new spam techniques that make it pretty hard for the filters to automatically recognize spam.
The first image below is an example of a typical image used in spam emails. The following techniques were used in the mail to bypass the spam filter. The first obvious element is the random pixels that cover part of the image. They make each copy of the image unique, so that it cannot be matched as easily against a similar image that was previously identified as spam.
Other options to achieve a similar effect include using colors that look the same to the human eye but not to the computer, and randomizing processes to create unique images.
Some spammers use different layers for a set amount of pixels, which makes it incredibly hard to use hash values to identify spam images.
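To show why exact hash values fail against this kind of randomization, here is an added example (not part of the original article) that compares a SHA-256 digest with a simple average hash, a perceptual hashing technique the article does not name. The sample image, the noise function and the `max_distance` threshold are constructed assumptions.

```python
import hashlib
import random

W = H = 64  # size of the constructed sample image

def make_base_image():
    """Constructed grayscale sample: two dark 'text' bars on a light background."""
    img = [[230] * W for _ in range(H)]
    for y in list(range(16, 24)) + list(range(40, 48)):
        for x in range(8, 56):
            img[y][x] = 30
    return img

def add_random_pixels(img, count, seed):
    """Overwrite `count` randomly chosen pixels, like the noise described above."""
    rng = random.Random(seed)
    out = [row[:] for row in img]
    for _ in range(count):
        out[rng.randrange(H)][rng.randrange(W)] = rng.randrange(256)
    return out

def exact_hash(img):
    """SHA-256 over the raw pixels: any single changed pixel changes the digest."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img, size=8):
    """64-bit average hash: block means on a size x size grid, thresholded at their mean."""
    bh, bw = H // size, W // size
    cells = [
        sum(img[y][x] for y in range(by * bh, (by + 1) * bh)
            for x in range(bx * bw, (bx + 1) * bw)) / (bh * bw)
        for by in range(size) for bx in range(size)
    ]
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | int(c > mean)
    return bits

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def is_near_duplicate(img_a, img_b, max_distance=5):
    """max_distance is an assumed threshold; tune it against real mail samples."""
    return hamming(average_hash(img_a), average_hash(img_b)) <= max_distance

if __name__ == "__main__":
    base = make_base_image()
    noisy = add_random_pixels(base, count=50, seed=1)
    print("exact hashes equal:", exact_hash(base) == exact_hash(noisy))
    print("average-hash distance:", hamming(average_hash(base), average_hash(noisy)))
```

The exact digest differs after the noise is added, while the average hash stays within a few bits, so a filter can still match the image against a known spam sample.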
The last aspect of image based spam emails is random text that is copied before or - more often - after the image. The text itself has nothing to do with the intention of the spammer. It is solely used to simulate a normal mail with a set amount of neutral and positive words.
The image above highlights another technique that is often used to bypass spam filters. It uses random colors, much like the previous image used random pixels, so that it is seen as a unique image.
The problem with these new types of spam is that they look low quality, and can therefore often be identified as spam immediately by the user.
That's probably one of the reasons why image spam has declined in recent times.