So spammers spams and spams are filtered and life is good. But sometime spammers get serious and really try. They have their own tactics to fool antispam filters:

Image only spam

This method is simple: the mail just contains one image and the spam is actually written in the image, like the one on the right image-only-spam

But this is getting old.. static rules filters like spamassassin can detect the mail doesn't contains anything but an image. this and the fact the sender is fake make it easy for the filter to tell it's spam.

Bayesian Poisonning

I'm sure you received strange mails, not really spams because they don't sell anything, but lines and lines of crap... sometimes it just doesn't mean anything, sometimes it's litterature. That's a spammer's tastic called Bayesian Poisonning, trying to fool people into reporting the mail as spam so the filter starts detecting ham (non-spam mails) as spam. When the baysian filter is messed up enough, their real spams start passing through it.

Poisonning is often used with images because poisonning is usefull for them, but since they send something why not try to use it to sell more stuff to naive users? Plus images doesn't mess the poisonning. That's why filters started analyzing images to trying to read what's written in it (cf Spamassassin OCR plugin). And that why spammers started using Captcha spams!

Captcha Spams

Captcha spams... that's the latest trick in live in color from spamland. Captcha is an acronym for "Completely Automated Public Turing test to tell Computers and Humans Apart". It's a simple test for you to prove you aren't a machine (are you?) It's just an image with some misformed text hard to read that only an human could understand.

blogger-captcha The image on the left is a captcha

Anyway, spammers started using this method to make their images unreadable so the antispam filters can't detect what's going on in the image. The filters will just detect a mail with some perfectly normal text (poisonning) with an image that doesn't look like a spam (as far as they know that could be a landscape...):


What's next?

Filters will evolve and will be able to detect new form of spams, using external methods like Razor, RBLs, etc. and Spammers will find new ways to trick filters...


AlexEck talks about the Captcha images: