Home
>
Spam Blocking
>
How Spammers Fool Rule-based and Signature-Based Spam Filters

How Spammers Fool Rule-based and Signature-Based Spam Filters

Effectively stopping spam over the long-term requires much more than blocking individual IP addresses and creating rules based on keywords that spammers typically use. The increasing sophistication of spam tools coupled with the increasing number of spammers in the wild has created a hyper-evolution in the variety and volume of spam. The old ways of blocking the bad guys just don't work anymore.

Examining spam and spam-blocking technology can illuminate how this evolution is taking place and what can be done to combat spam and reclaim e-mail as the efficient, effective communication tool it was intended to be.

Heuristics (Rule-based Filtering)

One method used to combat spam is Rule-based, or Heuristic Filtering. Rule-based filters scan email content for predetermined words or phrases that may indicate a message is spam. For example, if an email administrator includes the word "sex" on a company's rule-based list, any email containing this word will be filtered.

The major drawback of this approach is the difficulty in identifying keywords that are consistently indicative of spam. While spammers may frequently use the words "sex" and 'Viagra" in spam emails, these words are also used in legitimate business correspondence, particularly in the healthcare industry. Additionally, spammers have learned to obfuscate suspect words by using spellings such as "S*E*X", or "VI a a GRR A".

It is impossible to develop dictionaries that identify every possible misspelling of "spammy" keywords. Additionally, because filtering for certain keywords produces large numbers of false positives, many organizations have found they cannot afford to rely solely on rule-based filters to identify spam.

Signature-Based Spam Filters

Another method used to combat spam is Signature-based Filtering. Signature-based filters examine the contents of known spam, usually derived from honey pots, or dummy email addresses set up specifically to collect spam. Once a honey pot receives a spam message, the content is examined and given a unique identifier. The unique identifier is obtained by assigning a value to each character in the email. Once all characters have been assigned a value, the values are totaled, creating the spam's signature. The signature is added to a signature database and sent as a regular update to the email service's subscribers. The signature is compared to every email coming in to the network and all matching messages are discarded as spam.

The benefit of signature-based filters is that they rarely produce false-positives, or legitimate email incorrectly identified as spam. The drawback of signature-based filters is that they are very easy to defeat. Because they are backward-looking, they only deal with spam that has already been sent. By the time the honey pot receives a spam message, the system assigns a signature, and the update is sent and installed on the subscribers' network, the spammer has already sent millions of emails. A slight modification of the email message will render the existing signature useless.

Furthermore, spammers can easily evade signature-based filters by using special email software that adds random strings of content to the subject line and body of the email. Because the variable content alters the signature of each email sent by the spammer, signature-based spam filters are unable to match the email to known pieces of spam.

Developers of signature-based spam filters have learned to identify the tell-tale signs of automated random character generation. But as is often the case, spammers remain a step ahead and have developed more sophisticated methods for inserting random content. As a result, most spam continues to fool signature-based filters.

The Solution

When used individually, each anti-spam technique has been systematically overcome by spammers. Grandiose plans to rid the world of spam, such as charging a penny for each e-mail received or forcing servers to solve mathematical problems before delivering e-mail, have been proposed with few results. These schemes are not realistic and would require a large percentage of the population to adopt the same anti-spam method in order to be effective. You can learn more about the fight against spam by visiting our website at www.ciphertrust.com and downloading our whitepapers.

Dr. Paul Judge is a noted scholar and entrepreneur. He is Chief Technology Officer at CipherTrust, the industry's largest provider of enterprise email security. The company's flagship product, IronMail provides a best of breed enterprise anti spam solution designed to stop spam, phishing attacks and other email-based threats. Learn more by visiting enterprise anti spam solution today.

high-end home cleaning Morton Grove ..

In The News:

Aigen's Element robot uses solar power and AI to provide farmers with a sustainable alternative to herbicides, working efficiently in cotton and soy fields.

Stay up to date on the latest AI technology advancements and learn about the challenges and opportunities AI presents now and for the future.

Cybercriminals accessed Medicare data of more than 100,000 Americans by creating fraudulent accounts, prompting CMS to deactivate accounts and issue new Medicare cards.

China's battery swap technology from CATL lets electric vehicle owners exchange batteries in under two minutes, with plans to expand to 1,000 stations across 31 Chinese cities by 2025.

Analysts at Silent Push have uncovered a widespread scam that uses counterfeit retail websites to steal the credit card information of online shoppers.

Chrome users need to update their browsers immediately as Google addresses a critical vulnerability that hackers are actively exploiting. Additional security measures are recommended.

A study found teens glance at phones for dangerous two-second intervals while driving, using devices primarily for entertainment, texting and navigation despite crash risks.

Security researchers uncovered a flaw in Windows 11 that allows attackers to disable Secure Boot using Microsoft-signed tools, requiring manual updates to protect against bootkits.

Carnegie Mellon's noninvasive brain technology allows users to move robotic fingers by thinking about the motion, offering new possibilities for people with motor impairments.

Multi-factor authentication (MFA) adds an extra layer of protection to your accounts. Instead of relying only on a password, MFA requires you to verify your identity using two or more methods.

Scientists from Duke, Harvard, and the University of Otago have unveiled a game-changing tool called DunedinPACNI. It uses a single AI brain scan to reveal how fast a person is biologically aging.

A disturbing wave of fake agent phone scams is sweeping across the United States, catching people off guard and draining their savings.

Emojis aren't just playful add-ons; they're powerful tools for building stronger connections in our increasingly digital world.

Google has taken a major step toward the future of clean energy by partnering with Commonwealth Fusion Systems (CFS), an MIT spin-out working to build one of the world’s first commercial fusion reactors.

If you create and share art online, you might have seen messages warning that Facebook's parent company, Meta, claims the right to use or even sell anything you post, whether it's pictures, poems, or artwork.

Cybercriminals hit Qantas in a major data breach that exposed information from up to six million customers.

Having reliable, loud, and timely emergency alerts on your phone or device is important because when severe weather strikes, every second counts.

Here's how your daily brew is becoming the foundation for greener buildings.

Artificial intelligence (AI) and large language models (LLMs), such as ChatGPT, are transforming how we learn. But what does this mean for AI and learning retention?

Modern AI data centers use much more electricity than traditional cloud servers. In many cases, the existing power grid cannot keep up. One innovative solution is gaining traction: repurposed EV batteries for AI data centers.

Microsoft 365 and Outlook users are being targeted by a tactic that injects fake billing alerts directly into their calendars.

Researchers are now showing us that old smartphones as data centers could be the next big thing in sustainable tech.

Scientists have created micro-robots for sinus infection treatment that can enter the nasal cavity, eliminate bacteria directly at the source, and exit without harming surrounding tissue.

Let's examine how your data is collected in everyday life, who is buying and selling it, what happens to it afterward, and, most importantly, what you can do to protect yourself.

Researchers at the University of Sheffield in the U.K. developed small robots called "Pipebots" that can travel inside water pipes to find and potentially repair leaks, all without any excavation.

How Spammers Fool Rule-based and Signature-Based Spam Filters

Spam Blocking