 |
|
-
JSpamFilter also tests the message content for document mark-up tricks and exploits used by spammers to camouflage and conceal their message and confound content filters.
-
These exploits involve malformations of document structure by the inclusion of spurious, artificial mark-up elements or un-needed encoding.
|
|
|
| JSpamFilter first processes the message to remove the clutter and debris that are introduced by the spammer to mask message content.
The "redacted" document* is then analyzed by the content filters described in the previous section. |
|
| *That is, after JSpamFilter has removed the clutter added by the spammers to obscure their message, it analyzes the underlying message. |
|
| Common tricks include: |
|
- d00d-speak**: the substitution of numbers and symbols for letters to disguise the words that are spelled out. For instance,
\/\/ e1com3 would not be read by a filter as "welcome" because
the "w" is constructed from forward- and back- slashes, the letter "l" is in fact the number one, and one "e" is replaced by a 3.
- Faux-HTML Obfuscation: the use of artificial HTML tags that won't be rendered by the email client but are invisible and break up words to obscure their meaning.
- Unnecessary Encoding and Character Sets: use of character sets or encodings for a language not used in the message.
- Base64 Encoding: encoding the message content in a non-ASCII format to thwart deciphering the text. Email clients will render Base64 text into the ASCII equivalents.
|
|
| **Named after the old self-reference "d00d": notice that d00d is spelled with two zeros.
It is the case that d00d-speak pre-dated it's abuse in spam email. |
|
| JSpamFilter can be set also to refuse non-standard mail protocols: the mail protocol XECH50, used by
versions of Microsoft Exchange mail server have been abused by spammers attempting to bypass SMTP-protocol based filters. |
|
| Full details of the content test parameters can be found in the JSpamFilter Manual Sections:
|
