How Spammers Fool Rule-based and Signature-Based Spam Filters

Effectively stopping spam over the long term requires much more than blocking individual IP addresses and creating rules based on keywords that spammers typically use. The increasing sophistication of spam tools coupled with the increasing number of spammers in the wild has created a hyper-evolution in the variety and volume of spam. The old ways of blocking the bad guys just don't work anymore.

Examining spam and spam-blocking technology can illuminate how this evolution is taking place and what can be done to combat spam and reclaim e-mail as the efficient, effective communication tool it was intended to be.

Heuristics (Rule-based Filtering)

One method used to combat spam is Rule-based, or Heuristic Filtering. Rule-based filters scan email content for predetermined words or phrases that may indicate a message is spam. For example, if an email administrator includes the word "sex" on a company's rule-based list, any email containing this word will be filtered.

The major drawback of this approach is the difficulty in identifying keywords that are consistently indicative of spam. While spammers may frequently use the words "sex" and "Viagra" in spam emails, these words are also used in legitimate business correspondence, particularly in the healthcare industry. Additionally, spammers have learned to obfuscate suspect words by using spellings such as "S*E*X", or "VI a a GRR A".

It is impossible to develop dictionaries that identify every possible misspelling of "spammy" keywords. Additionally, because filtering for certain keywords produces large numbers of false positives, many organizations have found they cannot afford to rely solely on rule-based filters to identify spam.
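The trade-off described above can be measured on a handful of messages. The following is an added example, not code from the article or from any product: the keyword list, both matching rules and all sample messages are constructed for illustration. It compares a whole-word rule with a stricter rule that strips separators before matching.

```python
import re

# Hypothetical keyword list, using the two words the article mentions.
KEYWORDS = ("sex", "viagra")

def keyword_hits(text):
    """Naive rule: flag a message if a listed keyword appears as a whole word."""
    words = set(re.findall(r"[a-z]+", text.lower()))
    return sorted(k for k in KEYWORDS if k in words)

def normalized_hits(text):
    """Stricter rule: drop everything but letters, then substring-match,
    so separator tricks such as S*E*X are undone."""
    squashed = re.sub(r"[^a-z]", "", text.lower())
    return sorted(k for k in KEYWORDS if k in squashed)

# Constructed sample messages (not real mail).
SAMPLES = {
    "plain_spam": "Cheap Viagra, order today",
    "separator_spam": "Hot S*E*X pics inside",
    "respelled_spam": "Cheap VI a a GRR A, order today",
    "clinic_mail": "Patient asked whether Viagra interacts with nitrates",
    "sales_mail": "Quarterly figures for the Sussex office attached",
}

def classify_all():
    """Return {name: (flagged_by_naive_rule, flagged_by_normalized_rule)}."""
    return {name: (bool(keyword_hits(body)), bool(normalized_hits(body)))
            for name, body in SAMPLES.items()}

if __name__ == "__main__":
    for name, (naive, strict) in classify_all().items():
        print(f"{name:15s} naive={naive!s:5s} normalized={strict}")
```

The stricter rule recovers the separator spelling but still misses the respelled word, and it starts flagging the legitimate "Sussex" message, while the clinic message is a false positive under both rules.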

Signature-Based Spam Filters

Another method used to combat spam is Signature-based Filtering. Signature-based filters examine the contents of known spam, usually derived from honey pots, or dummy email addresses set up specifically to collect spam. Once a honey pot receives a spam message, the content is examined and given a unique identifier. The unique identifier is obtained by assigning a value to each character in the email. Once all characters have been assigned a value, the values are totaled, creating the spam's signature. The signature is added to a signature database and sent as a regular update to the email service's subscribers. The signature is compared to every email coming in to the network and all matching messages are discarded as spam.

The benefit of signature-based filters is that they rarely produce false positives, or legitimate email incorrectly identified as spam. The drawback of signature-based filters is that they are very easy to defeat. Because they are backward-looking, they only deal with spam that has already been sent. By the time the honey pot receives a spam message, the system assigns a signature, and the update is sent and installed on the subscribers' network, the spammer has already sent millions of emails. A slight modification of the email message will render the existing signature useless.

Furthermore, spammers can easily evade signature-based filters by using special email software that adds random strings of content to the subject line and body of the email. Because the variable content alters the signature of each email sent by the spammer, signature-based spam filters are unable to match the email to known pieces of spam.
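To see why exact signature matching fails against variable content, the scheme described above can be modelled directly. This is an added example, not code from the article or from any vendor: it assumes each character's value is its Unicode code point, and the filter class, the helper names and the sample message are constructed.

```python
import random
import string

def signature(message):
    """Signature as the article describes it: a value per character, totalled.
    Using the Unicode code point as the per-character value is an assumption."""
    return sum(ord(ch) for ch in message)

class SignatureFilter:
    """Exact-match filter backed by a set of known spam signatures."""

    def __init__(self):
        self.known = set()  # signature database pushed to subscribers

    def learn(self, honeypot_message):
        """Record the signature of a message collected by a honey pot."""
        self.known.add(signature(honeypot_message))

    def is_spam(self, message):
        return signature(message) in self.known

def with_random_token(message, rng, length=6):
    """Models the variable content the article says spam software adds."""
    token = "".join(rng.choice(string.ascii_lowercase) for _ in range(length))
    return f"{message} {token}"

def miss_rate(filt, template, copies=1000, seed=1):
    """Fraction of randomized copies of a known message that the filter passes."""
    rng = random.Random(seed)
    missed = sum(not filt.is_spam(with_random_token(template, rng))
                 for _ in range(copies))
    return missed / copies

TEMPLATE = "Lowest mortgage rates, reply now"  # constructed sample message
filt = SignatureFilter()
filt.learn(TEMPLATE)

if __name__ == "__main__":
    print("exact copy caught:", filt.is_spam(TEMPLATE))
    print("miss rate on randomized copies:", miss_rate(filt, TEMPLATE))
```

Every randomized copy is missed because the appended characters always raise the total, so no copy can reproduce the stored signature.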

Developers of signature-based spam filters have learned to identify the tell-tale signs of automated random character generation. But as is often the case, spammers remain a step ahead and have developed more sophisticated methods for inserting random content. As a result, most spam continues to fool signature-based filters.

The Solution

When used individually, each anti-spam technique has been systematically overcome by spammers. Grandiose plans to rid the world of spam, such as charging a penny for each e-mail received or forcing servers to solve mathematical problems before delivering e-mail, have been proposed with few results. These schemes are not realistic and would require a large percentage of the population to adopt the same anti-spam method in order to be effective. You can learn more about the fight against spam by visiting our website at www.ciphertrust.com and downloading our whitepapers.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail, provides a best-of-breed enterprise anti-spam solution designed to stop spam, phishing attacks and other email-based threats. Learn more by visiting http://www.ciphertrust.com/products/spam_and_fraud_protection today.
