I seem to be getting more and more spam with strings of garbage. Anyone know what’s up with that?
It is supposed to foil spam blocking software.
Haj
Of course, it also makes it even easier to see that it is spam and should be deleted. Not that I expect spammers to make any sense.
Since the OP got answered lickety-split, I hope you don’t mind the hijack.
Any body out there know how spam detectors work?
(I know, they look for MY name in the “from” field, but other than that.)
Not really. It’s hard to program a computer to recognize random characters as something to be blocked.
Many spam blockers block on words in the messages. If a certain percentage of words in the message are indicators of spam, then the message is blocked. However, random characters aren’t in the database.
For instance, suppose your spam blocker considers the word “fnord” to be an indicator of spam. Thus the message “fnord” gets a 100% spam count. Now add the random characters: “fnord nkdnfe khnn nnbubu bkfbjkda” The trigger word is only 20% of the message. This may be enough to sneak by.
Spam senders can generate thousands of copies , with each recipient getting a different string of random characters. The sender’s ISP won’t recognize this as a “mass e-mail” since each recipient is getting a unique copy.
Could ISP’s run spell-checking with its spam filters? It would have to be a more advanced form of spell-checking since many legitimate people make misspellings in email. It could work so that misspelled words could at least be flagged with alternate suggestions. If too many of the “words” don’t resemble valid words and cannot be flagged with correct spelling suggestions then the email could be targeted as spam. Any thoughts on this idea?
The random letters are a way of creating a unique CRC code for each spam so that they can’t be mass-deleted by anti-spam software.
Spammer should die like pigs in hell.
Still won’t help.
Instead of putting strings of random characters, they’ll just strings of random words. Those random words are legit, and so it still makes it through.
Of course, the moment a spam blocker blocks a legitemate e-mail, well, it’s getting uninstalled.
-Joe
RealityChuck, I think what Thaumaturge meant was that it made it easier for a human to recognize the e-mail as spam(as opposed to all the spam I get from “June” about “The meeting”).
Thwarting spam-blocking was what I was thinking, I just wasn’t sure.
In a way I kind of like having “hjdgfdlgjewo0rgjklfjhsdg” in the subject line because I know it’s spam and I can just delete it.
Here is the report I got from SpamAssassin on a piece of spam that I selected at random. Note that 6 points is very marginal and I have seen things with over 20 points, but these are some of the things is looks for:
Content preview: Firmallean Complimentary Supply
4983yuhrkjhfruiyfr89uy3uioh43ijh NEW SCIENCE BREAKTHR0UGH […]
Content analysis details: (6.00 points, 5 required)
SUBJ_REMOVE (0.5 points) BODY: List removal information
HTML_FONT_FACE_ODD (0.2 points) BODY: HTML font face is not a commonly used
face
HTML_FONT_COLOR_RED (0.1 points) BODY: HTML font color is red
HTML_WEB_BUGS (0.1 points) BODY: Image tag with an ID code to identify
you
HTML_MESSAGE (0.1 points) BODY: HTML included in message
HTML_IMAGE_ONLY_08 (0.9 points) BODY: HTML has images with 600-800 bytes of
words
HTML_IMAGE_RATIO_12 (0.3 points) BODY: HTML has a low ratio of text to image
area
HTML_FONT_BIG (0.1 points) BODY: FONT Size +2 and up or 3 and up
HTML_FONT_COLOR_UNSAFE (0.1 points) BODY: HTML font color not within safe
6x6x6 palette
HTML_FONT_BIG_B (0.5 points) BODY: HTML has a big “font” and “B” tag combo
HTML_TAG_EXISTS_TBODY (0.1 points) BODY: HTML has “tbody” tag
HTML_70_80 (0.4 points) BODY: Message is 70% to 80% HTML
MAILTO_WITH_SUBJ_REMOVE (0.5 points) BODY: mailto URI includes removal text
MAILTO_WITH_SUBJ (0.1 points) URI: Includes a link to send a mail with a
subject
MAILTO_TO_REMOVE (0.4 points) URI: Includes a ‘remove’ email address
DATE_IN_FUTURE_03_06 (0.9 points) Date: is 3 to 6 hours after Received: date
RCVD_IN_SBL (0.6 points) RBL: Received via SBLed relay, see
http://www.spamhaus.org/sbl/
[RBL check: found 107.16.6.69.sbl.spamhaus.org.]
MIME_HTML_ONLY (0.1 points) Message only has text/html MIME parts
The original message did not contain plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
That’s true, but it doesn’t matter to the spammers. They want to get into as many inboxes as possible, even if people delete them without reading. There’s always a percentage that will read them, so a spammer’s goal is to find ways to get past the spam filters, even if it identifies it as spam to the more savvy users.
After all, do you really think spammers are interested in intelligent people? They’re hoping to hook people who are dumb enough to believe their claims. And if you’re dumb enough to do that, you’re dumb enough not to realize the random characters are a marker for spam. 
Why is this only a tenth of a point? Is there any conceivable reason for a legitimate e-mail to include a bugged image tag? Were I setting the filters, I would probably put that above threshhold, right there.