Click Here For JSpamFilter Click Here For Latest Downloads. Click Here To Request A Free Trial Of JSpamFilter. Click Here To Purchase JSpamFilter. Click Here For Our Support Section. Click Here For The JSpamFilter Manual. Click Here For A List Of Our FAQs. Click Here For The SiteMap. Click Here To Contact Us. Click Here For Information About Modest Software.

Modest Software, Inc.

 : Content Filtering: Document Mark-Up and Obfuscation Filters
Back to JSpamFilter Feature List Index
Previous Section Key Words and Key Phrases Relay protection is built-in Next Section
JSpamFilter performs both message content and document structure analysis.
  • JSpamFilter also tests the message content for document mark-up tricks and exploits used by spammers to camouflage and conceal their message and confound content filters.
  • These exploits involve malformations of document structure by the inclusion of spurious, artificial mark-up elements or un-needed encoding.

JSpamFilter first processes the message to remove the clutter and debris that are introduced by the spammer to mask message content. The "redacted" document* is then analyzed by the content filters described in the previous section.

*That is, after JSpamFilter has removed the clutter added by the spammers to obscure their message, it analyzes the underlying message.

Common tricks include:

  1. d00d-speak**: the substitution of numbers and symbols for letters to disguise the words that are spelled out. For instance,
    \/\/ e1com3 would not be read by a filter as "welcome" because the "w" is constructed from forward- and back- slashes, the letter "l" is in fact the number one, and one "e" is replaced by a 3.
  2. Faux-HTML Obfuscation: the use of artificial HTML tags that won't be rendered by the email client but are invisible and break up words to obscure their meaning.
  3. Unnecessary Encoding and Character Sets: use of character sets or encodings for a language not used in the message.
  4. Base64 Encoding: encoding the message content in a non-ASCII format to thwart deciphering the text. Email clients will render Base64 text into the ASCII equivalents.
**Named after the old self-reference "d00d": notice that d00d is spelled with two zeros. It is the case that d00d-speak pre-dated it's abuse in spam email.

JSpamFilter can be set also to refuse non-standard mail protocols: the mail protocol XECH50, used by versions of Microsoft Exchange mail server have been abused by spammers attempting to bypass SMTP-protocol based filters.

Full details of the content test parameters can be found in the JSpamFilter Manual Sections:
Previous Section Key Words and Key Phrases Relay protection is built-in Next Section

JSpamFilter  |  Free Trials  |  About Us  |  Privacy  |  Contact  |  License  |  Site Map

Copyright ModestSoftware 2002 - 2019