"Lighthouse Afghan" fools Outlook spam filter

Spammers are inserting hidden words into their email messages to fool Microsoft Outlook's built-in anti-spam technology.

As spam-filtering technologies become more common, spammers have altered the construction of their messages to avoid detection. Although spam is very simple for a human to spot, the artificial intelligence systems used by junk filters rely on spotting obvious keywords, applying statistical theories to messages, and using rule-based systems to try and differentiate between wanted and unwanted emails.

The latest version of Microsoft Outlook is armed with a Bayesian filter, which tries to recognise spam by looking at the words used in an email and, depending on the frequency of certain key words, calculating the probability of that email being spam.

John Cheney, CEO of email security firm BlackSpider Technologies, said to get past the Bayesian methods, spammers have started hiding words that are not usually associated with spam at the bottom their emails: "At the bottom of the message they have included a whole load of keywords that are used to fool the Bayesian filters - they are in a tiny font and in the same colour as the background," he said.

"These messages are designed to fool the Outlook 2003 filters because there are a lot of words in there that don't look spam-like and they would weight the email as a normal email rather than a spam email," he said.

Another trick used by spammers to bypass junk-email filters is to write their messages using accented characters in their messages to makes obvious spam keywords, such as Viagra, look like a legitimate word written in a foreign language.

Some of the most recent examples of anti-junk-mail combine accented characters to make messages written in English look like they are written in a foreign language. Because the majority of Spam originates in the US, most spam is written in English, so many email filters ignore non-English spam. For example, if a spam keyword was "enhancer" and the spam included the word "ènháncer", the message would be allowed to pass.

Alun Davies, European VP of marketing at internet software firm Rockliffe, said his company's products will soon be updated to filter out this relatively recent development: "A large percentage of our MailSite email server customers do not use English as their main language, so for some time we have been aware of the need for spam filtering technology that can recognise accented characters and non Latin characters," he said.

Blackspider's Cheney said that yet another relatively successful spamming technique hides the spammers message by inserting HTML code between the words. Because most mail clients automatically render HTML messages, users don't see the tags, just the message: "HTML tags are typically used to make words bold or red or something like that, but these are general tags that don't actually affect the appearance of the message but they do confuse the lexical analysers," he said.

Munir Kotadia writes for ZDNet UK