What is this all about? All of a sudden I am noticing that most of the SPAM I receive has seemingly meaningless strings of characters at the bottom of the message and lately even in the subject line. Is this some technique to get around email filter rules? I have also noticed that several of the rules I have created under Outlook Express simply don’t work. For instance, most SPAM messages have an opt-out disclaimer at the bottom that says “To unsubscribe yourself from our mailing list, please bla bla bla…” Now, I know better than to bla bla bla, but if I create a mail filter rule that says to delete the message if “unsubscribe” appears in the body of the message, it doesn’t work. Anybody know why?
Are you viewing the message in HTML format? - just a thought, but if the spammer were to construct the word ‘unsubscribe’ from character codes, rather than as a plan bit of text, then I don’t think the filter would see it.
a) Many of the little bastards come in with the stuff at the bottom formatted something like this:
b) Another technique I’ve seen more and more of lately is to format it as XML and intersperse random XML brackets like this:
[QUOTE]
To un<!zip>subscri<!dee>be from our mai<!doo>ling lis<!dah>t, please cl<!zippa>ick the rem<!dee>ove me lin<!yay>k below.
[QUOTE]
You don’t see the inserted crap unless you view as source (e.g., in Eudora, turn on the “blah blah blah” button). Plays hell with filters.
Well, here’s a recent example:
The subject line was: unripe npostrophe tizcmpvphawefq lyu
and at the bottom of the message was:
Not Interested? <— this was hypertexted
pyjg fdskmf c ybvemqeaavk si rpseezx
The random characters are put in each spam mail so that each email is different. The idea is that it fools spam traps into thinking that the email is unique, and therefore couldn’t be spam.
Just another way that spam is deceitful and so are those that send it.
A bit off topic, but POPfile is an email sorting/filtering program that rocks. It is not fooled by many of the common tricks, some of which have been described above. It works by not assuming anything about spam - you give it examples of spam and non-spam, and it compares new messages to see what they are.
If you are trying to filter out spam, I recommend it.
(I have no relation to POPfile other than as a satisfied user.)
Another thought is that the random characters may be a tracking feature. That is, pretend you are the spammer (horror or horrors!). Perhaps you buy e-mail lists from hundreds of sources. If you put some kind of character string in the message that is specific to each source you bought it from (but different from each other), based on the response you get back, you can tell who supplied you with that name.
Presumably, even spammers want to get the most for their money, and so if one list is generating lots of leads, and the other provides no leads, you would only want to buy lists from the former supplier.
It’s just like back in the old days when you would buy something out of the back of a magazine and part of the address would include something like “Dept. H32”. That is usually used so that the guy who placed the ad (who is presumably advertising in lots of places at once) can tell when an order comes in, where you saw the ad based on what ‘department’ is on the outside of the envelope and gear his advertising accordingly.
The latest technique now seems to have the spam be “From” some common sounding “John/Jane Doe” name, like they are oh, so personal friends of mine. Just whom do they think they are fooling. A recent example:
From: Gloria Matthews
Subject: “I increased my penis length by 3 inches, so can you.” 
But at least the alphabet soup has largely disappeared.
The latest technique now seems to have the spam be “From” some common sounding “John/Jane Doe” name, like they are oh, so personal friends of mine. Just whom do they think they are fooling? A recent example:
From: Gloria Matthews
Subject: “I increased my penis length by 3 inches, so can you.”
But at least the alphabet soup has largely disappeared.
Here’s a very good example, from today:
From: “Marrissa Ferguson” <marrissa_fergusonln@spammer.suckit>
Subject : Look out your window
Term-life coverage at reduced rates is now available
Why spend more than you have to?
We survey the top life-insurance companies-nationwide
and provide the best-rates available today!
http://straightdope.com
If you don’t want to hear from us again please follow the link below
http://straightdope.com
p8049snbgugh a8302y2bihqv7 4h07wcgs3t45
fczoj8141rpd21 x3dcly217153w2 mgtlrw1mhb4 mocizc2nkrp403 qwdaih15qvlv
ldan122e010ou2 h0fqud2rpf
0rw49y3qj1fxdu n06t7b116t
374j7c1yxk1rw woxz6shz5ump1 7but8835rl72 jrasq935ovm o717614c7osc1l
6ui5ze1wuv9e2w ywmzzasomh6l 5wuwfm4ji34i wdqj3n2zclq bnrq3b19z1 5raqql8vdjilja zq3r492ib81ck1
tbcch22dkf cyltcc2r7juvro 3splh53bc9
5a593b2ki2k4o1 uwnti318g23c glyl8t6fhzau2 nn6djo16dije 2ky1oi23yfs 9ditg1ou52791e
Thanks, bye.
The “spammer gives themselves info” theory is a good one but doesn’t hold true here. They wouldn’t need that many characters.
So, are you saying that this is some kind of PGP-like code, maybe?
Maybe.
http://world.std.com/~reinhold/diceware.page.html
Notice the words in my spam vary from 10 - 14 characters. I find this very interesting and would like to know the reason.
I really do appreciate the courtesy of spammers to put nonsense characters in the subject line. Since I delete all my spam manually, it makes them so much easier to identify and delete on sight…
I’ll echo KGS’s sentiment and add that my spam has increased about 400% in the past few weeks. Is it the telemarketers staking out a new horizon? I can block the sender, but they are all switching names and not repeating the spam.
I don’t need Viagra, my penis is big enough, I’m happy with the size of my boobs and I’m renting so I don’t need to refinance anything. Leave me alone!
A little off the topic - I don’t receive many spams. I’ve two different accounts with Yahoo. One for registering on various sites on the net that I don’t want to receive their periodic newsletters etc and other for family and friends. With the spam gaurd offered in yahoo, all the messages specified in the filter do go to the bulk folder directly.
I had nightmarish experience with hotmail. There was no way to stop 20-30 new spam address on daily basis regardless how much consistently you’d add the addresses to the filter.