Spam

[TheSage]

Recently, the spam that hits my inbox contain long strings of gibberish (eg JqQcXZSrtY…) in the subject line and message body. I am assuming that it is design to defeat spam filters. I was wondering if this is true, and if so, how does it work.

[Markxxx]

I want to hijack this a bit too. In addition to the above, now virtually all my spam says RE:XXXX.

Also it says I applied for XXXX or something. I use accounts that I NEVER apply for.

Also I get emails bounced back to me. I know my email is being forged by a spammer. How do they do this? I can understand a fake email name but to forge it so it bounces back to me?

[biqu]

Possible answer to OP: PCMag article. Be sure to read the replies to the article for different perspectives.

Partial answer to hijack:
Headers can be forged easily in most e-mail programs. For example, the mail client mutt allows headers to be edited while composing a message, if the variable edit_headers is set to yes in the configuration file. Once the header is forged and the message sent, the mail servers can only go by the information in the header. So they bounce the message to the address they find in the From: or Reply-To: field. One must keep in mind that the mail delivery protocols were ironed out while the internet was still in its infancy, and the designers did not consider the potential for abuse that their naive protocols would facilitate.

Al Fasoldt makes the same point with greater vitriol here.

The fact that anybody who runs a mail server ought to know by now that the Klez Worm is faking all the return addresses seems to mean nothing. These e-mail servers keep doing their thing. Nails are smarter than e-mail servers.
My confidence in the integrity of e-mail itself has already sunk to a new low, but I have even less confidence in the automated software that sends mail here and there. All a terrorist would have to do is … I can’t even bring myself to say this. I don’t want to plant an idea in the wrong mind. But you are getting my point, right?
When will this ever end?

[Nanoda]

It “defeats” at least two types of spam filters:

1. Simple key-word filters: If the string “VIAGRA” is in an e-mail, chances are I don’t wanna read it. This is why it turned to “V.I.A.G.R.A” a while ago. You’ll be forever adding this type of thing to your filter file. Random characters won’t be picked up here.

2. Bayesian filters: These assign probablilities of spam being spam based on past experience, and on it’s content. For example, the HTML code for the colour red, appearing in a message with the words “CASH”, “FAST” and “WORK” is spam, but my cubiclemate reminding me to pay him back the cash I owe him at work gets through.
   I don’t get the “V.I.A.G.R.A” line anymore, probably 'cause of this. For an overview of this technology (now being included in Mozilla, and by extention, Netscape), read this here.

Oh, and they’re hoping you won’t be 100% sure some friend didn’t just smush the keyboard for a Subject line too. Works better than something specific you can rule out.
For a description of spam properties, here’s an ok paper.

[Nanoda]

Oh, (just read this) and any filters that calculate a checksum for a spam message can’t use it against other mail with the same content, 'cause it’s slightly different.

[MaryEFoo]

TheSage, welcome to the Board!