SOURCE: Cloudmark

July 16, 2008 10:22 ET

Cloudmark Identifies Crafty Spam Techniques

Sneaky Techniques Spammers Use in Their Attempts to Bypass Filters

SAN FRANCISCO, CA--(Marketwire - July 16, 2008) - Cloudmark, Inc., the global leader in carrier-grade messaging security, today released a list of common techniques now being employed by email spammers, based on analysis of the billions of messages that Cloudmark scans each day.

Spam now constitutes between 90 to 95 percent of all email traffic in the U.S., and in an effort to penetrate inboxes, spammers and hackers are taking new approaches in an effort to evade traditional spam filters.

As part of Cloudmark's continual analysis of global spam, it has identified several crafty spamming techniques seen this year:

--  The 'lite brite' attack -- These attacks see spammers position a
    collection of characters to take the form of larger letters, which spells
    out a word. For example, using many iterations of a stock symbol to spell
    out the word "BUY" in an effort to promote the stock.
--  Character manipulation -- Email addresses, IM usernames and phone
    numbers are commonly included in spam -- some spammers will use inventive
    spelling techniques to proliferate their messages, replacing characters
    with "visual puns" for example '0' for 'o' and '1' for 'i.' More creative
    spammers may sometimes also use ambiguous content. For example, advertising
    a product and telling recipients to 'email me or im me at jeffbr0ck
    |replace with @| yahoo |put dot here| com.'
--  Unusual linking -- There are many ways to write characters into a
    clickable URL. For example, URI encoding and entity encoding can place
    unprintable characters into an http link without breaking it. Spammers are
    taking this practice to an entirely new level, finding ways to format URLs
    that, despite not conforming to published web standards, will still be
    clickable through certain email clients, web interfaces and other online
--  Domain domination -- Spammers are buying and hosting a range of
    different domain names with similar characteristics, for example
    ',' ',' and
    '' This relatively simple, but effective, technique
    takes a legitimate-sounding domain and then permutes it many times.
    Spammers expect that recipients would be more likely to click on these
    domains than ones that are randomly-generated and nonsensical.
--  Image imposters -- Spammers can disguise their campaigns as images,
    attempting to bypass basic filters that only pick up on text-based spam.
--  Stock scam scramble -- Stock scams are on the rise in email spam, with
    spammers further scrambling the content in order to bypass filters. A
    recent stock scam attack saw spammers scramble their message to such a
    degree that neither the company name nor the advertised ticker symbol was
    spelled correctly.

"As spam filters getting more sophisticated and accurate, spammers are getting craftier in their attacks and more creative with their approach. The over-the-top and in some cases, almost amusing, lengths spammers are taking in their attempts to bypass spam filters really showcases their desperation" said Jeremy Robin, spam accuracy researcher at Cloudmark. "While attacks continue to get more sophisticated, Cloudmark stays one step ahead through the unique combination of its Advanced Message Fingerprinting™ algorithms and feedback from its Global Threat Network™ technology, which can spot spam regardless of language, format and encoding."

Notes to editors

Pictorial examples of the six craftiest spam attacks for 2008 to date are available by contacting Payal Cudia at 415-512-0770 or

About Cloudmark

Cloudmark, Inc. is a global leader in carrier-grade messaging security, delivering the most accurate, high-performance and comprehensive real-time spam, virus and phishing protection for fixed, mobile and social networks. Cloudmark patented solutions combine Advanced Message Fingerprinting technology based on innovative, highly efficient algorithms and a Global Threat Network consisting of trusted reporters in every country across the globe to provide security intelligence and filtering at all points of the messaging infrastructure. Cloudmark solutions protect more than 700 million mailboxes for the world's largest service provider networks, including over 75 percent of major ISPs in the United States and Japan. Cloudmark's customers include Swisscom, EarthLink, Comcast, Tele2, Thus, NTT OCN and XS4ALL (KPN) as well as leading hosting providers, Mailtrust, domainFACTORY, Intergenia and others. Cloudmark is a privately held company headquartered in San Francisco with offices in London, Tokyo, Beijing and Hong Kong. For more information, please visit

Contact Information