Darn Spammers Anyways

By on April 26, 2006

So, a few of us here at work got a spam today with this as part of the body:

Your credit doesn’t matter to us

We believe this should have been caught by our spam filter. However, if you copy the text and paste it into notepad, it comes out like this:

Your cr y ed y it doesn’t matter to us

How the heck are they doing that? How am I or any other software supposed to stop that? We are using Mailsweeper and it isn’t doing a very good job. What is everybody here using for their corporate spam filter solution? And yes, we are running Exchange.

Gadgetopia

Comments

  1. As to how they’re doing that, the extra bits are probably Unicode control characters like the zero-width joiner or the byte-order mark. Filter software should be doing a character lookalike pass before doing the Bayesian pass.

    Not that I know if any actually do this.

  2. Try using a challenge/response filter, like Spamarrest (www.spamarrest.om). Never fails because it doesn’t need to analyze the content of the email – just checks to see if someone real has sent it.

    Regards, Ira

  3. This is a corporate banking environment with hundreds of legit emails received every hour. I could never get away with a challenge/response filter.

    Now, for my own personal mail…that would be nice.

  4. It would be interesting to run it through SpamAssassin’s analysis report (spamc -r).

    I’ll watch this space for a couple days and if you do post the message (be sure to include the raw message with all headers) I’ll run it through SpamAssassin. That should tell you what tricks it detected and give you an idea if SA would have been able to block the message.

  5. I just advise, if you HAVE to use Exchange, put a real server in front of it such as exim, add SpamAssassin for the content checking and ClamAV for the antivirus {all built in if you use CentOS as the free o/s to run it on}

    then set up exim to do sender and recipient callout checking

    thus the e-mail from address is validated by checking it can receive mail before mail is allowed in from that address, and the recipient to address is checked also so no mail is later bounced by Exchange. {valid addresses are cached so they are only re-checked for validity if they haven’t received email in a while}

    also check the sender’s IP against some of the better RBLs

    also if there are countries you have no legitimate mail from, dropping mails from those IPs is a great way to cut spam volume. China and Korea and Brazil seem to account for approx 60% of incoming spam {also all the Chinese people I know use hotmail/gmail/yahoo {so don’t send from China IP address wise} {but you can whitelist the ones you need to receive as they crop up}}
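The pre-filter pass suggested in the first comment, sketched as an added example (not code from the post, the commenters, or any of the products named). It assumes the first commenter's hypothesis that the word was split with invisible Unicode format characters; the sample string and the function names are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample (not the original spam): "credit" and "matter" are split
# with a zero-width joiner, a byte-order mark and a soft hyphen.
SAMPLE = "Your cr\u200ded\ufeffit doesn\u2019t mat\u00adter to us"


def normalize_for_filter(text):
    """Return (clean_text, hidden_in_word) for a message body.

    NFKC folds compatibility forms (e.g. fullwidth letters) to their plain
    equivalents; it does not fold cross-script homoglyphs such as Cyrillic
    letters. Characters in Unicode category Cf (format controls: ZWJ, ZWNJ,
    BOM, soft hyphen, ...) are then dropped. Run this on a copy used for
    scoring only: Cf characters are legitimate in some scripts and in emoji.
    """
    folded = unicodedata.normalize("NFKC", text)
    kept, hidden_in_word = [], 0
    for i, ch in enumerate(folded):
        if unicodedata.category(ch) != "Cf":
            kept.append(ch)
            continue
        # A format character with a letter or digit directly on each side is
        # splitting a word, which is itself a useful spam signal.
        prev_ch = folded[i - 1] if i > 0 else " "
        next_ch = folded[i + 1] if i + 1 < len(folded) else " "
        if prev_ch.isalnum() and next_ch.isalnum():
            hidden_in_word += 1
    return "".join(kept), hidden_in_word


def tokens(text):
    """Word tokens as a keyword or Bayesian filter would see them."""
    return re.findall(r"\w+", text.lower())


if __name__ == "__main__":
    clean, hidden = normalize_for_filter(SAMPLE)
    print("raw tokens:  ", tokens(SAMPLE))
    print("clean tokens:", tokens(clean))
    print("format characters found inside words:", hidden)
```
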
