Better Blocks, Better Spam

Demented fitzroy coercible assai renoir laterite amort liven nicodemus zinc brown.

There. Now this message should get through to all our e-newsletter subscribers.

If you’ve been following the spam war, word combinations like the one above should look familiar. Some call it “word salad,” others “poetry spam.” Whatever you call it, it’s one trick spammers adopted to bust through increasingly effective filters.

Ironically, the Federal CAN-SPAM Act is also triggering evasive spammer maneuvers as of late. Spammers try to appear legitimate (or at least in compliance) without actually being so.

In short, the better anti-spam folks are at filtering and legislating, the wilier and craftier spammers are at evading the roadblocks. To get a handle on the state of the spam arms race, I touched base this week with a number of folks on the front lines. Here’s what I learned.

1. Spam isn’t abating.

Despite Bill Gates’ prediction of a spam-free world by 2006, there are no signs of a reduction thus far. Brightmail, which filters for hundreds of millions of inboxes, says it’s seen no reduction in spam levels since CAN-SPAM’s enactment on January 1. In December 2003, 58 percent of all email the company saw was identified as spam.

2. Appearing to comply with CAN-SPAM lends an air of legitimacy.

Although 19 out of 20 spammers make no effort to even pretend to comply with CAN-SPAM, some appear to use its provisions to their advantage.

Susan Larson, VP of global product content at U.K.-based SurfControl, cites spammers who put physical addresses in the footers of their email messages, as the law requires, but do so with images. That way, Larson suggests, they can change their addresses regularly simply by changing images on the servers. This prevents network administrators from filtering based on the address.

“Some elements in their emails are trying to give the illusion that they are complying, but these almost make it more dangerous for consumers because it’s just as illegitimate [as] it was before,” she said. “Most likely, those addresses are not even real.”

3. Some spammers “comply” with CAN-SPAM.

An example: One ClickZ staffer got an unsolicited email this week that claimed to be compliant with CAN-SPAM. It included a clearly visible opt-out notice, a postal address — even a graphic trumpeting “CAN-SPAM compliance.” When she clicked the opt-out button, she was barraged with pop-up ads emanating from the destination Web site. Now, I’m no lawyer, but I’d say that isn’t consistent with the spirit of the law, even if it’d pass muster on a technicality.

Another email, trapped by SurfControl, uses the subject line, “The consulate Law.” It reads:

“It is illegal to put tomatoes in clam chowder”
– In Massachusetts
The Primary Purpose of this Email is to Deliver You a “Crazy USA State Law of the Week” – The Secondary Purpose of this Email is to Let You Know:

Click Here to Email Advertise Your Web Site to 1,850,000 0PT-IN Email Addresses for FREE!

Do you believe the “Crazy USA State Law of the Week” is the primary purpose of the email?

“As the law takes effect, spammers are going to try to take advantage of any loopholes,” explains Larson.

4. Bayesian filters are getting better, and spammers are working to beat them.

Poetry spam has been used by spammers for the past several months to mask their messages’ true intention. Including a whole bunch of random, non-spammy words is meant to throw text-based filters off their trail.

John Graham-Cumming, research director of Sophos’ anti-spam task force, says the technique doesn’t really work that well, unless the email contains more “hammy” (non-spam) than “spammy” words. Ham is apparently hard to come by.

Graham-Cumming sounds the alarm against sending spammers feedback, a broad term that includes bounces, SMTP server errors, challenge/response messages, and server calls to render images in HTML messages. All these help spammers figure out which hammy words allow their messages to get through.

As an aside, it’s interesting to note someone’s finding value in poetry spam. An alternative art gallery in Manhattan is reportedly showing an exhibit called “Reimagining the Ordovician Gothic: Fossils From the Golden Age of Spam.” Besides displaying the odd word juxtapositions, it also features deposed African leaders — the purported authors of so-called Nigerian spam.

5. The more things change, the more they stay the same.

Spam expert Terry Sullivan conducted a study of spam trends over three years, which he presented at MIT’s Spam Conference this month. His conclusion: Spam changes a lot more slowly that it might appear to.

“These results ultimately and unequivocally challenge the conventional wisdom that spam is ‘volatile,'” he wrote in a white paper. “Instead, these results suggest a fundamentally different approach to thinking about spam — one that sees spam as a very-nearly-stationary target.”

If Sullivan’s right, the anti-spam filtering forces may eventually be able to get a handle on the problem. It will take advances like that, legislation, and perhaps a wholesale overhaul of SMTP to make serious headway. We’re getting there.

Related reading