how did it get to my inbox?

[johnnymier]

Hi:

I am one of the millions of hotmail users. I have activated the exclusive junk mail filter which means that the only emails getting to my inbox are people in my contact list.
Today an email from:
Women76@word.savehugeontheseoffersnow.biz

appeared in my inbox with the following message:

This offer was sent on behalf of:
Dollar Machine
1117 Queen Street West # 780
Toronto, ON, CA
M6J 1J0


I am aware that hotmail is spammers paradise, but still how did that get through the filters? Is it a bug? or something else? I guess that even this exclusive filter is not perfect. Another problem with this filter is that supposedly mails not from your contacts go directly to the junk folder, its weird but whats happening is that if you are not in my contacts your email won't even reach the junk folder. I tested this opening another account and emailing myself without having the new address in my contacts and no messages were received at all.
Please don't reply saying that since its a free service I should expect those faults. The purpose of this is just to know why is this happening, I'm not bothered by it I'm just curious.

cheers,
J

[MrLinus]

Filters are as only as good as the words put in place (e.g., the common ads include words like penis, viagara, etc). No filter is perfect (unless you limit your emails to just those that you have in an address book). The reality is some will get through. The other thing, that you may be unable to see, is that some of these messages are really html based ones that hide characters within the word, thus by-passing filters. It looks normal when viewed in a browser but when viewing the source it's quite a packed little message.

[thehorse13]

The game will never end unless legislation is passed *AND* the laws are enforced.

Here are examples of the ways that SPAMMERS beat filters. After seeing the list, I'm sure that you'll understand why the message got through to you.

NOTE: Examples taken from the SOPHOS SPAM patrol database.


Control Freak

What: Use of non-printing characters, especially in the Subject and especially NUL to mess up filters that use 0 terminated strings.
Popularity: Rare
Complexity: Clever
Date added: September 15, 2003


--------------------------------------------------------------------------------

Don't Cramp My Style

What: Enclose text within <style> tags to hide it from user but confuse filters.
Popularity: Very Rare
Complexity: Fairly Clever
Date added: September 15, 2003
Example from the wild:

<style>RANDOM</style>


--------------------------------------------------------------------------------

You've been framed

What: Using the <noframes> tag the spammer can hide text and break up words.
Popularity: Fairly Common
Complexity: Fairly Clever
Date added: September 15, 2003
Example from the wild:

Ere<frame><noframes>ywl55</noframes></frame>ctions


--------------------------------------------------------------------------------

It's Mini Marquee!

What: Using the <marquee> tag the spammer can hide text in a tiny unobtrusive square.
Popularity: Rare
Complexity: Simple
Date added: July 9, 2003
Example from the wild:

<marquee bgcolor="white" height="8" width="8">Did you ever play that game
when you were a kid where the little plastic hippo tries to gobble up all
your marbles?</marquee>


--------------------------------------------------------------------------------

A Form of Desperation

What: Hiding text by placing it in the name of a hidden form field
Popularity: Rare
Complexity: Clever
Date added: June 24, 2003
Example from the wild:

Get The <font color="#FF0000"> LOWE<input type="hidden" name=gfrtde>ST PR<input
type="hidden" name=zawsxd>ICE </font> On Your N<input type="hidden" name=plkmju>ew Car

September 15, 2003: Another example came in from Darren J. Young that uses the value tag and fills it with a phrase from current events:

<input type=hidden value="The Los Angeles Film Critics on Saturday picked 'About Schmidt,'
the drama starring Jack Nicholson, as the year's top movie, splitting the two major critics'
awards so far as the 2002 Hollywood movie awards season heads into a pivotal week
with more honors ahead.">


--------------------------------------------------------------------------------

And In The Right Corner

What: Adding a legitimate but odd word at the far right of the subject line (typically preceded with lots of spaces and tabs). The word is design to poison a Bayesian filter and alter the spam's hash value.
Popularity: Rare
Complexity: Clever
Date added: June 18, 2003
Example from the wild: (Thanks for Gary Robinson for pointing this one out)

Subject: FEATURED IN MAJOR MAGAZINES algorithmic


--------------------------------------------------------------------------------

Camouflage

What: Like Invisible Ink, but instead of using identical colors (e.g. white on white) use very similar colors.
Popularity: Rare
Complexity: Very clever
Date added: June 2, 2003
Example from the wild: (The colors 1133333, 123939, and 423939 are chosen to be very similar without being the same)

<table bgcolor="#113333"><tr><td><font color="#123939">those rearing lands</font><br>
<table><tr><td><br><font color="yellow" size=5><b>Plasticine sex-cartoons.</b></font><br>
<font color="#423939">eel harness highest</font><br>
<font color="white" size=3>Absolutely new category of adu1t sites.
</td></tr></table>
<font color="#123939">nobody jets held<br>Northumbria- diamond sleep</font></td></tr></table>


--------------------------------------------------------------------------------

Honorary Title

What: Another way of hiding text in an HTML email by placing it in the <title> which is unlikely to be displayed by the email client.
Popularity: Rare
Complexity: Simple
Date added: May 27, 2003
Example from the wild:

<title>dinosaur reptile ghueej egrjerijg gerrg</title>


--------------------------------------------------------------------------------

No Whitespace No Cry

What: Since many languages separate words with spaces, and since many spam filters do the same this spammer decided that replacing spaces with something else was a good idea.
Popularity: Rare
Complexity: Dumb
Date added: May 15, 2003
Example from the wild:

DidAyouFknowNyouMcanBgetVprescriptionVmedications prescribedTonlineTwith
NORPRIORRPRESCRIPTIONRREQUIRED!
WeZhaveztheXlargestLselectionLofNprescriptionsNavailableZonline!

LowestzPrices -- NextzDayxDelivery


--------------------------------------------------------------------------------

Honey, I shrunk the font

What: Use very small (size 1) font to hide bogus text (see also The Black Hole)
Popularity: Rare
Complexity: Simple
Date added: April 6, 2003
Example from the wild: (Notice how the spammer didn't follow the instructions and managed to leave the instructions in the spam :-) (This spam also uses Invisible Ink for these words)

<p style="margin-bottom: -20"><font size="1" color="#FFFFFF">Random word of
BIG LETTERS with length 1 to 22 TSUTHRXJKVUVBECP</font></p>
<p style="margin-bottom: -20"><font size="1" color="#FFFFFF">Random word of
small letters with length 1 to 16 uyswdgueoclrwlf</font></p>
<p style="margin-bottom: -20"><font size="1" color="#FFFFFF">Random word of
mixed symbols with length 1 to 27 7y14R484w1m7531X</font></p>
<p style="margin-bottom: -20"><font size="1" color="#FFFFFF">Your text 9, note,
maximum length of tag is 255 symbols</font></p>
<p style="margin-bottom: -20"><font size="1" color="#FFFFFF"></font></p>


--------------------------------------------------------------------------------

Bogus Login

What: Use URL username@host syntax to disguise a URL.
Popularity: Rare
Complexity: Simple
Date added: April 6, 2003
Example from the wild: (this example also use % encoding of the URL to further disguise it)

<a href="http://1011100110010010100101010101010101010010110010100110011000101010
10010101010010101001010010101010100110011010101010010101001010011001010101010101
01011011010011100110@%68%6B%2E%67%65%6F%63%69%74%69%65%73%2E%63%6F%6D/%6C%6F%76%
65%67%69%6C%6C%67%69%6C%6C"><font color="#FFFFFF">Click Here</font></a>


--------------------------------------------------------------------------------

A Numbers Game

What: Use HTML entities instead of letters
Popularity: Rare
Complexity: Simple
Date added: April 1, 2003
Example from the wild:

Watch Dogs slurp you
ng girls puss


--------------------------------------------------------------------------------

The Black Hole

What: Use of font size 0 to break up words with zero width spaces
Popularity: Rare
Complexity: Clever
Date added: April 1, 2003
Example from the wild:

V<font size=0></font>i<font size=0></font>a<font size=0>
</font>g<font size=0></font>r<font size=0></font>a


--------------------------------------------------------------------------------

Speaking in Tongues

What: Large nonsense words designed to mess up CRC based spam identification
Popularity: Common
Complexity: Clever
Date added: January 17, 2003
Example from the wild:

crecrephaswukutugucrovazichonuprixisluwephimajoq


--------------------------------------------------------------------------------

Ze Foreign Accent

What: Replace letters with numbers or use nonsense accents
Popularity: Common
Complexity: Simple
Date added: January 17, 2003
Example from the wild:

V1DE0 T4PE M0RTG4GE

Fántástìç -- eárn mõnéy thrôugh unçõlleçted judgments


--------------------------------------------------------------------------------

Script Writer

What: Keep HTML body of email in a Javascript that fires when the email is opened
Popularity: Rare
Complexity: Clever
Date added: January 17, 2003
Example from the wild:

<HTML><HEAD><SCRIPT LANGUAGE="Javascript"><!-- var Words="%3CHTML%3E%0D%0A%3CHEAD%3E%0D
%0A%3CTITLE%3E%3C/TITLE%3E%0D%0A%3CMETA%20HTTP-EQUIV%3D%22Content-Type%22%20CONTENT
%3D%22text/html%3B%20charset%3DBig5%22%3E%0D%0A%3CMETA%20HTTP-EQUIV%3D%22Expires%22
%20CONTENT%3D%22Sat%2C%201%20Jan%202000%2000%3A00%3A00%20GMT%22%3E%0D%0A%3CMETA%20
HTTP-EQUIV%3D%22Pragma%22%20CONTENT%3D%22no-cache%22%3E%0D%0A%3C/HEAD%3E%0D%0A%3C
FRAMESET%20ROWS%3D%22100%25%2C0%22%20FRAMEBORDER%3DNO%20BORDER%3D%220%22%20
FRAMESPACING%3D0%3E%0D%0A%3CFRAME%20SRC%3D%22
http%3A//203.204.53.231/a1_K_2/e12w_k2/a_w_a_0__2k-1_second%22%20NAME%3D%22A
MENU%22%20SCROLLING%3DAUTO%20MARGINHEIGHT%3D0%20MARGINWIDTH%3D0%3E%0D%0A%3C
FRAME%20SRC%3D%22%22%20SCROLLING%3DNO%20noresize%3E%0D%0A%3C/FRAMESET%3E%0D%0A
%3CNOFRAMES%3E%0D%0A%3C/NOFRAMES%3E%0D%0A%3C/HTML%3E%0D%0A“ function
SetNewWords() { var NewWords; NewWords = unescape(Words); document.write(NewWords);
} SetNewWords(); // --> </SCRIPT> </HEAD> <BODY> </BODY> </HTML>


--------------------------------------------------------------------------------

Enigma

What: Use URL encoding to hide URLs
Popularity: Rare
Complexity: Clever
Date added: January 17, 2003
Example:

http://7763631671/obscure.htm
http://0xCeBF9e37/obscure.htm
http://0316.0277.0236.067/obscure.htm
http://3468664375@3468664375/o%62s%63ur%65%2e%68t%6D


--------------------------------------------------------------------------------

L O S T i n S P A C E

What: Insert spaces between letters to make words unrecognizable.
Popularity: Common
Complexity: Simple
Date added: January 17, 2003
Examples from the wild:

M O R T G A G E

F*R*E*E V’I’A’G’R’A O*N*L*I*N*E


--------------------------------------------------------------------------------

MIME is Money

What: Send two part MIME document, text/plain part contains bogus text, text/html part contains the spam message
Popularity: Rare
Complexity: Very clever
Date added: January 17, 2003
Example from the wild:

------=_NextPart_001_2D3DF_01C29D73.26716240
Content-Type: text/plain;
The modes of letting vacant farms, the duty of supplying buildings and permanent
improvements, and the form in which rent is to be received, have all been carefully
discussed in the older financial treatises. Most of these questions belong to
practical administration, and are, moreover, not of great interest in modern times.
Certain plain rules, may, however, be stated. The claims of successors to the late
tenant should not be overlooked; it is better for the tenure to be continued without
break, and therefore the question of new letting ought rarely to
occur.
------=_NextPart_001_2D3DF_01C29D73.26716240
Content-Type: text/html;
<p><b><font face=Arial>Now is the perfect time to get a mortgage,
and we have a simple and free way for you to get started.</font></b></td>

September 15, 2003: This trick seems to be getting more common.


--------------------------------------------------------------------------------

Slice and Dice

What: Use a table to send words through as individual letters arranged top to bottom but read left to right
Popularity: Rare
Complexity: Dastardly
Date added: January 17, 2003
Example from the wild:

<table cellpadding=0 cellspacing=0 border=0><tr>
<td><table cellspacing=0 cellpadding=0 border=0><tr><td>
<font face="Courier New, Courier, mono" size=2>
<br>U<br> <br>O<br>a<br> <br>D<br>u<br>a
<br> <br>N<br> <br>B<br>d<br> <br>N<br>
<br>C<br> <br>C<br>w<br> <br>1<br> <br>
<br> <br>1<br> <br>C<br>S<br></font></td></tr></table></td>
<td><table cellspacing=0 cellpadding=0 border=0><tr><td><font
face="Courier New, Courier, mono" size=2>
<br> N <br> <br>bta
<br>nd <br> <br>ipl<br>niv<br>nd <br>
<br>o r<br> <br>ach<br>ipl
<br> <br>o o<br> <br>onf<br>
<br>ALL<br>ith<br> <br> -
<br> <br> <br> <br>
- <br> <br>all<br>und<br></font></td></tr></table></td>
<td><table cellspacing=0 cellpadding=0 border=0><tr><td><font
face="Courier New, Courier, mono" size=2>
<br>I V<br> <br>in <br>the
<br> <br>oma<br>ers<br>lif<br> <br>equ
<br> <br>elo<br>oma<br> <br>ne <br>
<br>ide<br> <br> NO<br>in <br>
<br>3 1<br> <br>
<br> <br>2 1<br> <br> 24<br>ays
<br></font></td></tr></table></td>
<td><table cellspacing=0 cellpadding=0 border=0><tr><td><font face="Courier
New, Courier, mono" size=2>
<br> E<br> <br>a <br> a<br>
<br>s <br>it<br>e <br> <br>ir<br> <br>rs<br>s
<br> <br>is<br> <br>nt<br> <br>W
<br>da<br> <br> 2<br> <br> <br>
<br> 2<br> <br> h<br> a<br></font></td></tr></table></td>


--------------------------------------------------------------------------------

Hypertextus Interruptus

What: Split words using HTML comments, pairs of zero width tags, or bogus tags
Popularity: Common
Complexity: Clever
Date added: January 17, 2003
Examples from the wild:

milli<!-- xe64 -->onaire

Fi</n>nd N</n>ew </n>Fri</n>end</n>s

Vi<b></b>agra

F<XYZ>r<XXYA>ee

September 15, 2003: Another example comes from Tim Peters, this uses a Microsoft-only HTML tag <comment> to insert ignored text into the word Viagra:

Via<comment>6q5r7</comment>gra


--------------------------------------------------------------------------------

The Daily News

What: Insert a piece of current news in a bogus HTML tag.
Popularity: Rare
Complexity: Clever
Date added: January 17, 2003
Example from the wild:

<Despite statements last week from chief U.N. inspector Hans Blix that
full cooperation was expected from Iraq, Iraqi Foreign Minister Naji
Sabri lashed out at the United Nations in a 19-page letter to Secretary-
General Kofi Annan written in Arabic. In it, Sabri repeated previous
claims that Iraq has no weapons of mass destruction and that the inspections
are just a false pretense for the United States and Britain to attack his
country. Sabri assailed U.N. Security Council resolution 1441, adopted
November 8, that called for Iraq to give immediate, unfettered access
to weapons inspectors. Iraq "is being subjected to terrorism for more than
30 years from international and regional powers," he wrote. "And Iraq's under
a daily aggression represented in the terrorism of the U.S. and Britain through
the imposition of the no-fly zones." Iraq has shot at U.S. and British aircraft
repeatedly in the no-fly zones since they were established after the Persian
Gulf War, and coalition aircraft have fired on Iraqi bases in response. In
the most recent action, coalition aircraft struck a mobile radar system
Saturday in the southern no-fly zone, according to the U.S. Central Command.
The Iraqi News Agency said the aircraft fired on civilian and service
facilities. After Iraq fired on U.S. and British planes last week, U.S.
officials said the attacks constituted a "material breach" of Resolution 1441,
which could trigger a meeting of the U.N. Security Council at which the
United States could call for military action against Iraq>


--------------------------------------------------------------------------------

The Big Picture

What: The entire email consists of a small HTML page consisting of an image enclosed in a single hyperlink.
Popularity: Common
Complexity: Simple
Date added: January 17, 2003
Example from the wild:

<html>
<img src="http://www.your-info-station.com/Sla/chalkboard.gif">
<div><a href="http://www.your-info-station.com/Sla/eb.php?x=52c">
<img src="http://www.your-info-station.com/Sla/pitch.gif">
</a></html>

April 29, 2003: Scott Schram points out that some instances of this are being sent with valid but unrelated text before and after the image.


--------------------------------------------------------------------------------

Invisible Ink

What: Use of white text on a white background containing words designed to confuse a filter.
Popularity: Common
Complexity: Clever
Date added: January 17, 2003
Example from the wild:

<font color="white" size="-1">search words: suspensory obscure
aristocratical meningorachidian unafeared brahmachari</font>

[allenb1963]

www.mailwasher.net ....you'll have to pony up some cash for the paid version that includes hotmail compatibility, but it is by far my fav email filtering app....lets you check your mail while it's still on the server and delete the crap without it ever actually getting into the inbox on your machine.

[Spyder32]

without it ever actually getting into the inbox on your machine.

Sounds like a great filtering program, might as well BE the inbox Thanks for the link ab1963 I might pay for the paid version because I have hotmail but it seem's like it'll be worth it.

[gore]

I'm a little bit shocked. Some E-mail software will let you block everything except what you have in your address book, and there STILL is no Worm or Virus that will add spammers into your e-mail address?

Did I miss one that does? Or did I just give 2,000 spammer *******s a good idea?

[Ghost_25inf]

You know I have no filters set and have had my email account for about 2 years at hotmail and I hardly ever get spam. Must be because of the complex name of the account. You see my hotmail account name looks like this Firstname_Middle_Lastname@hotmail.com and spammers use easy names to spam. So get a more complex account and you shouldnt have a problem with spam. another good Idea is when you need to give out an email address use an account you dont care if you get spammed.

[thehorse13]

...Must be because of the complex name of the account and spammers use easy names to spam...

The complexity of your name has nothing to do with it nor do spammers have "preferred" naming conventions. What matters is your habbits online. If you fill out forms on the net, such as contests and other useless ****, then get ready. The SPAM is comin! Also, if you post your e-mail address on forums, newsgroups, bloggers, etc. the same will certainly occur. One annoying factor is companies that end up releasing your information. This happens more than any of us would like to believe. There was a scam (can't remember how long ago) that went something like this:

1) You sign up for their service and the agreement had all kinds of protection for your personal info.
2) Suddenly there was a buyout by a company who has no protection for personal data
3) Your data gets sold for phat bling to whoever pays up
4) The cycle repeats

Anyway, the point is that spammers use all kinds of dastardly methods to collect addresses. They don't discriminate based on your e-mail address complexity.

--TH13

[Spyder32]

To add to what thehorse13 said, it only add's more to the simple fact that you should do your best to remain anonymous (and as anonymous as you can) while online. If you do that and you take careful measure's to make sure your e-mail address isn't distributed outside the people you know, then you shouldn't worry all to much about spam.

[GSXR600K1]

What I did was setup a second account. I used the second account so companies can send an e-mail to it and I can then activate product. I never check it for e-mails. Just let the e-mail company clean it up for me.