Jump to content
Sign in to follow this  
Rev Moe Lester

How scams and spams get past the spam filter

Recommended Posts

How did that scam/spam get past the spam filter?


1. Shoving everything in an attachment


Many email providers still don't scan attachment contents; sometimes the email says "please see attachment" but sometimes the email is blank altogether

Example: http://scammed.by/scam.php?id=65330


2. Adding lots of random extra characters to the email


These characters are inserted between each letter of the spam email, and made very small and made be the same colour as the email background. So you can't see them. Remove the formatting, and the email looks like nonsense, and the spam filter can't detect any bad words.


Look at the email below:




It all makes sense, doesn't it?


Now look at the email, with all the content highlighted:




Both are the same email! But in the second example, you can see that text exists between each letter but the text is 'invisible'. It's very small, and the same colour as the background. So you can't see it, but the spam filter can


Here's how it's done:




So when you see ¯¦§A®©¯NÀñÇTÙ³ýIý¨®-¥Ò¥A·°ÃLªÊÕLó¦ßE§ÊâRí×çG¿ÊØIü¹æCÊëÚ/º³ÒAìé¢SóéÎTݹµHÛî±M·ÂàAîôÏ:. the spam filter sees Â¯Â¦Â§A®©¯NÀñÇTÙ³ýIý¨®-¥Ò¥A·°ÃLªÊÕLó¦ßE§ÊâRí×çG¿ÊØIü¹æCÊëÚ/º³ÒAìé¢SóéÎTݹµHÛî±M·ÂàAîôÏ:


The spam filter can't see any suspicious words there - it can't see any words at all! But maybe if the filter can't see a single word in the email, it will still think it's a spam. So what does the spammer do? He adds a random block of text to the bottom of the email for the spam filter to see. Usually this is white text on a white background, so you can't see it. Example:



Greeted her uncle was tired.

Jenna and returned home to wish that.
Sighed adam gave him by judith bronte. Either side eï ect that. Reasoned vera in jerome walked back.
Answered it never mind that.
Angela placing his mind was doing good.
Please go get him with vera. 


Example: http://scammed.by/scam.php?id=65143


3. Mis-spelling words, often using numbers not letters


Often phishing emails are sent out pretending to be from Google, for example. But if the email said "Please click here to sign into your Google account" then spam filters would detect it as a phishing email. So they misspell it, like Gooogle, or G00gle


Example: http://scammed.by/scam.php?id=65334


4. Very short emails asking you to reply for more details


Many scams now just say something like "I have something important to discuss, please reply for more details". This is harmless text that spam-filters won't think suspicious. Once the person replies, the scammer sends the full-length scam email; but because the recipient has already emailed the scammer, the spam filter will not analyse the reply from the scammer properly.


Example: http://scammed.by/scam.php?id=65287

  • Like 1

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this