
No end in sight to spam war of attrition


The ongoing war of attrition between spammers and those opposed to these purveyors of unsolicited bulk emails shows no sign of abating or any indication of an ultimate victor.

Indeed David Jacobson, technical director at Johannesburg-based Synaq, a company focused on delivering Managed Linux Services in the mail security and network monitoring arenas, believes it’s a war that can never be won – at least not while SMTP (Simple Mail Transfer Protocol) remains the de facto standard for e-mail transmissions across the Internet.
“SMTP's strength comes primarily from its simplicity. Unfortunately, it was developed at a time when the very concept of Internet viruses, spammers, hackers and online fraud would have been regarded as science fiction at best or a harmless prank by high-spirited computer geeks at worst,” he says.
“Today, however, spamming is not only an unpleasant annoyance, it’s potentially extremely dangerous.”
According to Jacobson, spam used to be fairly easy to filter. It usually came from fixed IP addresses which could be countered by using a blacklist; the ‘from’ address was not usually forged and so could be filtered; and spam contained keywords – like ‘penis’ or ‘viagra’ – that could be blacklisted.
However, he says, the simplistic filtering of ‘from’ addresses and content is now useless and has been for the past few years.
The reason is that spammers use a number of tricks designed to fool spam filtering programs. These include misspelling commonly flagged words – so ‘viagra’, for example, is written as ‘v1@gra’, or ‘penis’ as ‘pe.nis’; and using invisible ink camouflage techniques. Ironically, it’s tricks like these that in fact make it easier for anti-spam readers to identify suspect mails.
But spammers’ tricks have become more sophisticated – and anti-spammers are having to counter them one-by-one. Examples of the anti-spam battles currently being waged include:

Battle 1:
* Spammers realise that spam filters spot their text tricks so they send short, plain text emails with a URL which directs recipients to a website;
* Anti-spammer response: blacklist the URL;
* Spammer response: use a redirector (to counter the URL blacklist);
* Anti-spammer response: follow the redirector and blacklist that;
* Spammer response: use Geocities with a complex page that reloads using encoded JavaScript.

Battle 2:
* Spammers realise that spam filters read their mail so they send an image instead of text;
* Anti-spammer response: checksum the images;
* Spammer response: make random modifications to the image and to the number of images;
* Anti-spammer response: perform OCR (optical character recognition) on images;
* Spammer response: add random noise to images;
* Anti-spammer response: use fuzzy OCR.
And so these and other battles in the war of attrition continue.
“Because spam changes its form so often, the only feasible solution against this plague is to ensure your anti-spam defences are constantly updated. At the same time, you have to ensure that your anti-spam protection doesn’t inhibit legitimate email correspondence,” Jacobson says.
For example, greylisting – a relatively new technique that has shown some promise – often causes delays on the delivery of initial emails. Similarly, content blockers that unilaterally block all mails containing suspect words such as viagra may not take account of the fact that in many instances, mails containing the word viagra may well be perfectly legitimate for members of the medical or pharmaceutical professions.
“What’s required therefore is a dynamic anti-spam solution that is able to deal with changing threats on a daily basis while simultaneously managing the availability and performance of email services.
“Because few businesses have the in-house skills – or the time – to continuously monitor and maintain their anti-spam defences, they are increasingly turning to companies that provide managed email security solutions to continue the war on their behalf,” he concludes.
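
The article's two points about keyword filtering, that disguised spellings such as ‘v1@gra’ make a mail easier to flag while a plainly spelled ‘viagra’ may be legitimate, can be combined in a scorer that weights an obfuscated hit far more heavily than a plain one. This is an added example, not code from the article or from Synaq; the watchlist, substitution map, weights, threshold and sample messages are constructed assumptions.

```python
import re

# Constructed watchlist and character-substitution map (illustrative assumptions).
WATCHLIST = {"viagra"}
LEET = str.maketrans({"1": "i", "!": "i", "@": "a", "4": "a",
                      "0": "o", "3": "e", "$": "s", "5": "s"})
SEPARATORS = re.compile(r"[.\-_*]")   # filler inserted inside a word: v.i.a.g.r.a
TOKEN = re.compile(r"\S+")
EDGE_PUNCT = ".,;:!?\"'()"


def classify_token(token):
    """Return (keyword, 'plain' | 'obfuscated') for a watchlisted token, else None."""
    lowered = token.lower().strip(EDGE_PUNCT)
    if lowered in WATCHLIST:
        return lowered, "plain"           # spelled normally: weak signal only
    normalised = SEPARATORS.sub("", lowered).translate(LEET)
    if normalised in WATCHLIST:
        return normalised, "obfuscated"   # someone took care to hide the word
    return None


def score_message(text, plain_weight=0.5, obfuscated_weight=3.0):
    """Sum per-token weights; return (score, list of hits)."""
    hits = [h for h in map(classify_token, TOKEN.findall(text)) if h]
    score = sum(obfuscated_weight if kind == "obfuscated" else plain_weight
                for _, kind in hits)
    return score, hits


def is_spam(text, threshold=2.0):
    """A single plain mention stays below the threshold; one disguised mention exceeds it."""
    return score_message(text)[0] >= threshold


# Constructed sample messages.
MEDICAL = "Dr Smith, the trial compared Viagra with placebo over 12 weeks."
SPAM = "Cheap v1@gra here, best V.I.A.G.R.A prices"

if __name__ == "__main__":
    for label, msg in (("medical", MEDICAL), ("spam", SPAM)):
        print(label, score_message(msg), is_spam(msg))
```
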