Why Spam is Hard to Stop

Preview:

Why doesn't your email provider's spam filter work better? Let's look under the hood at how scammers can obfuscate their phishing attacks.

I'm sometimes asked why our email providers can't do a better job keeping spam out of our inbox. It is trickier than you might think. Check the example below. To keep their cons from showing clearly and being tracked, there are many tricks. They can intersperse white characters and a white background so they are not seen, by human eyes, but are by machines that would scan. They can also use fonts or coding that hides itself.

This is what I received. It looks legitimate. To avoid detection as spam or phishing, they obfuscate their attack. Here is their actual source code for just the top line. I've highlighted the parts that actually display to human eyes.

This obfuscation allowed them to bypass the spam checkers. Notice they have a style called 3D which is defined somewhere else but has the attribute of "display:none;". No doubt that stops it from displaying, but not from confusing programs trying to find words and phrases used in spam content.

Date: May 2024

This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.

Keeping clients' computers safe and profitable for over 30 years

Home Forms About Current Newsletter subscribe Search All Articles Browse by Category Security Internet Mobile Business Hardware Fun		Why Spam is Hard to Stop Preview: Why doesn't your email provider's spam filter work better? Let's look under the hood at how scammers can obfuscate their phishing attacks. I'm sometimes asked why our email providers can't do a better job keeping spam out of our inbox. It is trickier than you might think. Check the example below. To keep their cons from showing clearly and being tracked, there are many tricks. They can intersperse white characters and a white background so they are not seen, by human eyes, but are by machines that would scan. They can also use fonts or coding that hides itself. This is what I received. It looks legitimate. To avoid detection as spam or phishing, they obfuscate their attack. Here is their actual source code for just the top line. I've highlighted the parts that actually display to human eyes. This obfuscation allowed them to bypass the spam checkers. Notice they have a style called 3D which is defined somewhere else but has the attribute of "display:none;". No doubt that stops it from displaying, but not from confusing programs trying to find words and phrases used in spam content. Date: May 2024 This article is licensed under a Creative Commons Attribution-NoDerivs 3.0 Unported License.
		I attempt to provide reliable information, but make no warranty as to the accuracy or safety of these articles. I disclaim all legal responsibility for what following these instructions may do. Follow my advice at your own risk