Porn Spammers Outsmart Microsoft's Outlook
Considered one of the most effective technologies on the market to fight spam, Bayesian spam filters calculate the probability of a message being spam based on its word content. Unlike other filtering techniques that look for spam-identifying words in subject lines and headers, Bayesian filter technology uses the entire context of an email when it looks for words or "character strings" that identify the email as spam.
In early 2003, thinking itself fully equipped to deal with the universal spam glut, Microsoft took aim at spam offenders infiltrating its Outlook email software. But according to reports, porn spammers quickly outsmarted the computer giant by bypassing the new security feature with image-based spam that the Bayesian filter couldn't detect.
According to email security firm BlackSpider Technologies, a new tactic for porn spammers is to attach a pornographic image file to their emails and then use HTML code to display the attached image.
Microsoft's original intention had been to install a filter that stopped potentially offensive content from being automatically displayed in Outlook's preview window by filtering on keywords associated with unsolicited email.
Additionally, says Silicon.com, Microsoft gave users the ability to prevent porn from ever reaching their desktops by giving the user the chance to deny unsolicited HTML downloads via the Internet.
But porn spammers found a way to exploit Outlook in such a way that it was necessary for Outlook to access the Internet before displaying a picture. Spammers were also able to create images that display words or a web address that Microsoft's spam filter typically wouldn't catch.
"There are hardly any words in the body of the email because they are in the picture itself. This is very hard to track," Simon McNally, a systems engineer at anti-spam firm Borderware, told Silicon.com.
"Historically, spammers have been able to get the emails through by incorporating a link to the file. This is a change in tactic and we've been seeing a lot more of it recently," said John Cheney of BlackSpider.
The downside, according to McNally, is that the files themselves require more bandwidth because of their size, and spammers are unable to track image views on spam.
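The pattern described above, an attached image displayed through HTML with almost no words in the body, can be flagged by looking at message structure rather than wording. The sketch below is an added example, not code from Microsoft, BlackSpider, or Borderware; the function names, the 20-word threshold, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# <img src="cid:..."> is how HTML mail displays an image attached to the same message.
CID_IMG = re.compile(r'<img[^>]+src\s*=\s*["\']?cid:([^"\'\s>]+)', re.I)
TAG = re.compile(r"<[^>]+>")

def image_only_indicators(raw: bytes, min_words: int = 20) -> dict:
    """Flag mail whose HTML shows an attached image but carries almost no text."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    plain_words = html_words = 0
    referenced, attached = set(), set()
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype == "text/html":
            html = part.get_content()
            referenced.update(CID_IMG.findall(html))
            html_words += len(TAG.sub(" ", html).split())
        elif ctype == "text/plain":
            plain_words += len(part.get_content().split())
        elif part.get_content_maintype() == "image":
            attached.add(str(part.get("Content-ID", "")).strip().strip("<>"))
    inline = (referenced & attached) - {""}
    words = max(plain_words, html_words)  # alternatives repeat the same text
    return {"words": words, "inline_images": len(inline),
            "suspicious": bool(inline) and words < min_words}  # threshold is an assumption

def build_sample(html: str, with_image: bool) -> bytes:
    """Constructed test message; the image bytes are a placeholder, not a real picture."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(html, subtype="html")
    if with_image:
        m.add_related(b"\x89PNG placeholder", maintype="image", subtype="png",
                      cid="<pic1@example.invalid>")
    return m.as_bytes()

IMG = '<img src="cid:pic1@example.invalid">'
IMAGE_ONLY = build_sample(f"<html><body>{IMG}</body></html>", True)
NEWSLETTER = build_sample("<html><body><p>" + "quarterly report text " * 10 + f"</p>{IMG}</body></html>", True)

if __name__ == "__main__":
    for name, raw in (("image-only", IMAGE_ONLY), ("newsletter", NEWSLETTER)):
        print(name, image_only_indicators(raw))
```

A structural signal like this is best used as one feature alongside a Bayesian score, since legitimate mail with an inline logo and a short body would also match.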
The Federal Trade Commission recently required that all porn spam include the words "SEXUALLY-EXPLICIT" in the header of the email. According to an email research firm, a week after the law was put into effect, only 15 percent of porn spammers were in compliance.