A Dispatch


June 04, 2005

Stranger and stranger

About a month ago, I wrote about an erectile drugs spammer whose messages, while carefully crafted to avoid some types of spam content filtering, lacked something quite important: a link or URL to visit his Web site to buy his phony medz. There are also no images in these messages (unlike another ED drugs spammer who uses the same table technique, but includes images embedded in the mail as binary attachments). The messages get cut off at the same place and with the same telltale symbols.

I hadn't seen much from him for a while until the last couple of days. He has the same no-URL problem, but his messages now contain a text-only section that has extracts from anti-spam Web site articles. One was about Scott Richter's bankruptcy actions, and one I saw today had a long paragraph excerpt of an article by a CipherTrust executive. This is a common technique used to trick Bayesian filters, as I describe in Spam Wars.

What strikes me as odd is that some content filters are on the lookout for the word "spam" because so many bogus disclaimers include phrases like "this is not spam." But this fellow has no qualms about including spam-tripping extracts in his insert intended to fool filters.

I wonder what else this guy can do to further sabotage his spam runs.

Posted on June 04, 2005 at 09:22 AM