Friday, August 31, 2007

How to Detect Spam Email

Anatomy of a spam e-mail
11 October 2006
A daily chore of modern life for many is the morning trawl through a full inbox deleting spam email. But just where does it all come from and why do spammers use bizarre text, names and images in their emails?

To the expert eye a typical spam is laden with clues to its origin. The sections below take one such message apart, element by element.

SENDER
"Iverson Vernie": An implausible name that nonetheless looks like a real person's to a machine, if not to a human reader. This helps to offset the "spamminess" of the message. It is also written in capital letters, another attempt to confuse the scoring systems often used to spot spam. Note that the display name is chosen freely by whoever sends the message, so it says nothing about where the mail really came from.


E-MAIL ADDRESS
"eieeeyuuyuioeeiiayi@fleetlease.com": Clearly fake. Almost all the letters before the @ sign come from the top row of a QWERTY keyboard (q-w-e-r-t-y-u-i-o-p), starting at the left. The spammer most likely generated this address by running a finger along that row while putting the spam run together.

That habit is itself a forensic clue: the same keyboard-walk pattern turning up in several runs can tie separate campaigns to the same operator or tool. Another clue is that the company owning the domain, Fleetlease, rents vehicles; there is no reason to think it is really pushing pills. The From address is simply forged, which SMTP makes trivial, so the domain's owner is a bystander here, not the sender.


SUBJECT
Bad spelling marks it as spam, as does the exclamation point. But it avoids mentioning what the message is actually about, which may help it slip past filters that look for product words in the subject line.


BODY IMAGE
The body of the message is actually an image rather than text. This is another trick to defeat text-based spam filters, which cannot read the words inside a bitmap or JPEG without resorting to optical character recognition.

The image was not attached to the mail but fetched, when the message was opened, from a server based in Hungary. The hosting service offered by that company is free, which is probably why it was chosen as the source for these images. Spammers hate paying for anything.

A remote image fetch also works as a tracking mechanism: if the image URL carries a token unique to each recipient, the server's logs record which e-mail addresses opened the message. "Live" addresses are far more valuable than ones that never react, which is one reason many mail clients now block remote images by default.


ASSOCIATED WEBSITE
The site is apparently linked to a company in Wisconsin, but its registration details are likely to be fake given that there is evidence the server is physically located in South Africa. The server hosting this site hosts another 90 sites, most of which are touting drugs of one kind or another.

The net address (IP address) of this site is well known as a source of spam and is actively blocked by many organisations. It is thought to be one of many used by the Yambo Financials spam gang.


EXTRA TEXT
Spammers regularly pad messages with large lumps of text (so-called hash busters) to persuade statistical filters that a message is legitimate. Extracts from books are popular, but random text like this is too. Note that nowhere in this mail does the text actually mention what the message is about; the only mention of the drugs on offer is inside the image.
BBC News
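The article's indicators can be turned into a small, rule-based scorer of the kind a mail administrator might prototype before reaching for a full filter. The following Python script is an added example, not code from the BBC article or from this blog; it parses a raw message with the standard library and checks the sender name, the local part of the address, the subject, remote images and possible tracking beacons, domain mismatches, and body text that never names the offer. Both sample messages are constructed for the example, and every name, domain and URL in them is made up.

```python
"""Score a raw e-mail against the spam indicators described in the article.

Added example: not code from the BBC article. The two sample messages below
are constructed for this example; every name, domain and URL in them is made up.
"""
import re
from email import policy
from email.parser import BytesParser
from html.parser import HTMLParser
from urllib.parse import urlparse

TOP_ROW = set("qwertyuiop")  # the top letter row of a QWERTY keyboard

# Constructed sample shaped like the message the article dissects.
SAMPLE_SPAM = b"""\
From: "IVERSON VERNIE" <eieeeyuuyuioeeiiayi@fleet-rental.example>
To: victim@example.org
Subject: Grreat offer inside!
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>
<a href="http://pharmacy-landing.example/go"><img src="http://free-host.example/i/8f3a9c2d7e1b4056.gif" width="500" height="300"></a>
<p>The light of the moon fell upon the harbour where boats lay still and
the old keeper spoke of storms that never came while the children counted
stars above the quiet town and nobody remembered the reason for the bell.</p>
</body></html>
"""

# Constructed benign message for contrast.
SAMPLE_HAM = b"""\
From: Dana Smith <dana.smith@example.org>
To: victim@example.org
Subject: Lunch on Thursday?
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"

Are you free for lunch on Thursday? The usual place at noon works for me.
"""


class _HtmlScan(HTMLParser):
    """Collects image sources, anchors and visible text from an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []   # src of every <img>
        self.anchors = []  # {"href", "has_text", "has_img"} per <a href>
        self.text = []     # visible text chunks
        self._open = []    # anchors currently open (nesting stack)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            anchor = {"href": a["href"], "has_text": False, "has_img": False}
            self.anchors.append(anchor)
            self._open.append(anchor)
        elif tag == "img" and a.get("src"):
            self.images.append(a["src"])
            for anchor in self._open:
                anchor["has_img"] = True

    def handle_endtag(self, tag):
        if tag == "a" and self._open:
            self._open.pop()

    def handle_data(self, data):
        if data.strip():
            self.text.append(data.strip())
            for anchor in self._open:
                anchor["has_text"] = True


def _registrable(host):
    """Crude registrable-domain guess: the last two labels (enough here)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def top_row_ratio(local_part):
    """Share of letters in an address local part that sit on the QWERTY top row."""
    letters = [c for c in local_part.lower() if c.isalpha()]
    return sum(c in TOP_ROW for c in letters) / len(letters) if letters else 0.0


def looks_like_beacon(url):
    """A remote image whose URL carries a long opaque token is likely per-recipient."""
    p = urlparse(url)
    return re.search(r"[0-9a-f]{12,}", p.path + p.query, re.I) is not None


def analyse(raw):
    """Return the article's indicators as booleans plus a count of those that fired."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    sender = msg["From"].addresses[0]
    subject_l = (msg["Subject"] or "").lower()
    body = msg.get_body(preferencelist=("html", "plain"))
    scan = _HtmlScan()
    scan.feed(body.get_content() if body is not None else "")
    scan.close()

    remote = [u for u in scan.images if urlparse(u).scheme in ("http", "https")]
    hosts = {urlparse(u).hostname for u in remote + [a["href"] for a in scan.anchors]}
    hosts.discard(None)
    words = [w.strip(".,!?;:").lower() for w in " ".join(scan.text).split()]

    indicators = {
        # SENDER: display name in capitals
        "display_name_all_caps": sender.display_name.isupper(),
        # E-MAIL ADDRESS: local part typed along the top keyboard row
        "local_part_keyboard_walk": len(sender.username) >= 8
        and top_row_ratio(sender.username) >= 0.9,
        # SUBJECT: exclamation point
        "subject_exclamation": "!" in subject_l,
        # BODY IMAGE: content carried in a remotely fetched image
        "remote_image_body": bool(remote),
        # BODY IMAGE: remote image URL that can record who opened the mail
        "tracking_beacon": any(looks_like_beacon(u) for u in remote),
        # ASSOCIATED WEBSITE: links and images point away from the sender's domain
        "domains_differ_from_sender": any(
            _registrable(h) != _registrable(sender.domain) for h in hosts),
        # ASSOCIATED WEBSITE: every call to action is an image link, never text
        "calls_to_action_only_in_images": bool(scan.anchors)
        and all(a["has_img"] and not a["has_text"] for a in scan.anchors),
        # EXTRA TEXT: a sizeable text block sharing no word with the subject
        "hashbuster_text": len(words) >= 30
        and not any(w in subject_l for w in words if len(w) > 3),
    }
    indicators["score"] = sum(1 for v in indicators.values() if v is True)
    return indicators


if __name__ == "__main__":
    for label, raw in (("spam", SAMPLE_SPAM), ("ham", SAMPLE_HAM)):
        print(label, analyse(raw))
```

The thresholds (a local part at least eight letters long with 90% of them on the top row, thirty or more words of padding, twelve hex characters in an image path) are illustrative choices for this example, not published rules; in practice each indicator would feed a weighted score alongside network checks such as the sender IP's blocklist status that the article mentions.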

1 comment:

Anonymous said...

Great thoughts you've got there; I believe I may possibly try just some of it throughout my daily life.
Email Spam Filtering