Spam Filter: How It Works And How To Bypass It

Spam Filter

What is Spam Filter and How To Bypass It?
What is Spam Filter and How To Bypass It?

What is spam?

Spam is flooding the Internet with many copies of the same message. It is an attempt to force the message on people who would not otherwise choose to receive it. Most spam is commercial advertising, often for dubious products, get-rich-quick schemes, or quasi-legal services. Spam costs the sender very little to send — most of the costs are paid for by the recipient or the carriers rather than by the sender.

Email spam targets individual users with direct mail messages. Email spam lists are often created by scanning Usenet postings, stealing Internet mailing lists, or searching the Web for addresses. Some spam is annoying but harmless. However, some spam is part of an identity theft scam or other kind of fraud. Identity theft spam is often called a phishing scam. Some spam messages even contain viruses and malware.

What are Spam Filters?

Spam filter is an application that checks if a message is a spam message or a normal message. Fady Mohamed Osman describes the basic working of the spam filters. It basically works on 3 things to determine if a message is a spam. If all the 3 requirements are fulfilled, then the Spam filter blocks the message and puts it in the spam folder.

3 important things to determine a message as Spam:

1). The source of the message:  The first step taken by spam filters is to check the source of the message, where it originated. Spam filter looks for the network where the message came from in several Real Time Blackhole Lists. If the message appears to have come from that blocked network’s list, the first condition is fulfilled.

How it can be bypassed?

Usually spammers bypass this check by using a trusted network like public mail services.

2). Software used for sending the message: Message headers are very useful in finding spam messages. Spam Filter application search for clues in message headers to confirm if the message was sent using a spam engine or a real e-mailer. Bingo the spam filter has checked for the 2nd check.

How it can be bypassed?

To bypass it, the spammer can stimulate a real mailer or it can be bypassed by using a real mailer. Still using a real mailer increases the risk of being caught by spam filters.

3). Body of the message: This is the most important part of a spam check. In this part the spam filter will check for words which are either blocked or considered as being used in spam messages, such as “Click Here”, “Viagra”, “Buy Now”, “Free”, “You Won” etc. If in the email the sender is talking about money, lottery, will, guarantee of some product, something asking for urgent action then the message will go to your Spam folder.

How it Spam Filter be bypassed?

 It can be bypassed by either using images in the message or asking the reader to click on the link the see the offer. He can even misplace some words. Like to spell ‘Viagra’ he can write it like ’V.iagra’

Some other major limitations of Spam Filter

Though Spam filters are most successful anti-spam applications, still they have got limitations too.

1)      To avoid getting filtered, spammers use “Re:” in the subject area. This makes the Spam filter confused and it passes as a legitimate message.

2)      Sometimes due to some strict checking by the spam filters even the genuine mails also lands in Spam folder.

3)      If the spam message containing malware clears the filter and pass as a genuine message it poses a great threat for the users.

4)      Since there is a possibility that the genuine mail may land in junk folder and spam message may appear to be legitimate. To avoid confirm that the spam filter has worked properly you need to check the spam box manually. Loss of time.

Some Spam filter Application:

1). SpamAssassin:

Spamassassin | Spam Filter

SpamAssassin is open source software developed by Apache. It is basically used by Apache web server. SpamAssassin uses a wide variety of local and network tests to identify spam signatures. This makes it harder for spammers to identify one aspect which they can craft their messages to work around.  Anti-spam tests and configuration are stored in plain text, making it easy to configure and add new rules. SpamAssassin encapsulates its logic in a well-designed, abstract API so it can be integrated anywhere in the email stream. The Mail::SpamAssassin classes can be used on a wide variety of email systems including procmail, sendmail, Postfix, qmail, and many others.

Download Link: http://spamassassin.apache.org

2). Email Spam Test:

Email Spam Test | Spam Filter
Email Spam Test is a simple email spam testing tool which helps you to determine if your email may be flagged as spam, or filtered away by spam filters. You’ll get results based on your email’s subject title, HTML source, plain text content and a links analysis.

It is an Online application and the rules are based on the popular Spam Assassin Project, which is the leading open-source spam filter widely used by many email servers around the world.

Link: http://www.emailspamtest.com/

How To Bypass Spam Filter Using Homograph Letters?

Homograph Letters can be used to bypass Spam filtration. Homograph Letters are characters which are very similar and almost identical to the English alphabets.

Example: “l” (lowercase letter “L”) / “1” (the number “one”) and “O” (capital letter for vowel “o”) / “0” (the number “zero”).

An attack is done by using Homographic Letters called IDN (internationalized domain name) homograph attack  is a way a malicious party may deceive computer users about what remote system they are communicating with, by exploiting the fact that many different characters look alike.

We can further use Homograph letters to bypass Spam filters.

As in ‘GOOGLE.COM’ we can use G00GLE.COM. Here we changed capital O (o) with 0 (zero) and both the links look identical.

Cyrillic З, Ч and б resemble the numerals 3, 4 and 6.

As ‘VIAGRA’ can be written as V1ДGRД. Here we replaced A with Cyrillic Д and I with numerical 1.

This will be impossible for the Spam Filter to capture and hence this message with will not be considered as a spam message.

How to defend against Spam?

The simplest way to defend against such attack is to disallow browser support for the IDNA (Internationalized Domain Name Application) or any other similar mechanisms. So that no identical alphabetic or numerical can be used to bypass spam check.

Use the latest Internet Browsers. The one which have built-in phishing filters which also block homograph letters wherever the browser feel that they can be used for fraud.

Some basic tips on How To Avoid Spam Messages:

1)      To avoid getting spam mails in your account you should avoid posting your email address publically on internet. Like on social networking websites, personals blogs and forums. There are spam engines which search the internet for posts which contain plain text email addresses.

2)      If you have to give your contact email address on internet either use an image for it or do it the format like : abcd [at] gmail.com, h5 [at] Hotmail.com not like abcd@gmail.com h5@hotmail.com.

3)      Don’t create accounts at random or subscribe any website using email ID. Always subscribe trusted websites because many websites sell their mailing lists.

4)      Always use email clients with built-in Spam Filtering program.

Author: Naveen Thakur.

If you wish to write articles for Whitec0de Magazine, then Click Here.