Despite advances in antispam technology, spammers consistently manage to evade the products designed to thwart them. As long as sending unwanted e-mail remains a profitable proposition for spammers, they will continue to find ways around filters by using increasingly advanced techniques.
Hiding in the HTML
In the last six months, HTML-based spam has started replacing text-based spam, says Susan Larson, vice president for the global content team at SurfControl.
"It can be just an image pulled down from a server," she says of this new form of spam. The hidden agenda technique lets the spammer split spam words by mixing ASCII text and HTML to make them unreadable by dictionary-based scanning tools.
Another technique, called treacherous tracks, enables spammers to capture a recipient's e-mail address when he clicks on a picture embedded in the message.
Dodgy Deception
More severe still are so-called dodgy domains, which let spammers commit fraud by redirecting users to a fake Web site masquerading as a legitimate one.
Dodgy domains have been used in several cases of online fraud committed against banks, including Citibank, and e-commerce sites such as EBay. "They just hijack you," Larson says.
A recipient of the e-mail who doesn't recognize that the originating e-mail address doesn't match the legitimate company's name may click on a link embedded in the message, bringing the recipient to the dodgy domain. There the recipient is asked to enter such personal and financial information as Social Security number or bank account number, enabling the spammers to steal the recipient's identity.
Ad Choices