Background

I gave a talk entitled The Spammers' Compendium at the MIT Spam Conference and decided to keep it updated in a non-Powerpoint form. Hence this page was born. I last updated it on September 15, 2003.

Each entry consists of five items:

What: Simple description of the entry
Popularity: How common the trick is: common, sometimes, rare
Complexity: How complex the trick is: simple, clever, dastardly
Date added: When this entry was made
Example from the wild: Actual example from email seen in the wild

The Tricks

The Big Picture

What: The entire email consists of a small HTML page consisting of an image enclosed in a single hyperlink.
Popularity: Common
Complexity: Simple
Date added: January 17, 2003
Example from the wild:
April 29, 2003: Scott Schram points out that some instances of this are being sent with valid but unrelated text before and after the image.

Invisible Ink

What: Use of white text on a white background containing words designed to confuse a filter.
Popularity: Common
Complexity: Clever
Date added: January 17, 2003
Example from the wild: search words: suspensory obscurearistocratical meningorachidian unafeared brahmachari

The Daily News

What: Insert a piece of current news in a bogus HTML tag.
Popularity: Rare
Complexity: Clever
Date added: January 17, 2003
Example from the wild:

Hypertextus Interruptus

What: Split words using HTML comments, pairs of zero width tags, or bogus tags
Popularity: Common
Complexity: Clever
Date added: January 17, 2003
Examples from the wild:
millionaire
Find New Friends
Viagra
Free

September 15, 2003: Another example comes from Tim Peters, this uses a Microsoft-only HTML tag to insert ignored text into the word Viagra:
Via6q5r7gra
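
Added example (not part of the original page): a Python pre-filter that recovers the text a reader would see from the markup tricks in the Invisible Ink, The Daily News and Hypertextus Interruptus entries, and records which trick it met. The tag allow-list, the default white background, the names `VisibleText` and `visible_text`, and the sample message are assumptions made for this example.

```python
from html.parser import HTMLParser

# Assumed, deliberately short allow-list; any other tag counts as bogus.
KNOWN = {"html", "head", "body", "p", "br", "b", "i", "a", "font", "div",
         "span", "table", "tr", "td", "img", "center"}
BREAKS = {"p", "br", "div", "tr", "td"}   # tags that really separate words

class VisibleText(HTMLParser):
    """Keep only the text a reader would see and note each trick met."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.background = "#ffffff"       # assumed default page colour
        self.text, self.tricks = [], []
        self.fonts = []                   # one flag per open <font>: hidden?

    def handle_comment(self, data):
        self.tricks.append("comment")     # comment text is never displayed

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag not in KNOWN:              # bogus tag: ignored by the client
            self.tricks.append("bogus-tag:" + tag)
        elif tag == "body" and attrs.get("bgcolor"):
            self.background = attrs["bgcolor"].lower()
        elif tag == "font":
            hidden = (attrs.get("color") or "").lower() == self.background
            self.fonts.append(hidden)
            if hidden:
                self.tricks.append("invisible-ink")
        elif tag in BREAKS:
            self.text.append(" ")

    def handle_endtag(self, tag):
        if tag == "font" and self.fonts:
            self.fonts.pop()

    def handle_data(self, data):
        if not any(self.fonts):           # drop text inside a hidden <font>
            self.text.append(data)

def visible_text(html):
    parser = VisibleText()
    parser.feed(html)
    parser.close()
    return " ".join("".join(parser.text).split()), parser.tricks

# Constructed sample, not taken from a real message.
SAMPLE = ('<body bgcolor="#FFFFFF"><font color="#ffffff">suspensory</font>'
          'mill<!-- x -->ion<b></b>aire Via<qzx storm hits coast>gra</body>')
```

The colour test is an exact match, so the near-identical colours described under Camouflage would need a distance threshold instead.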

Slice and Dice

What: Use a table to send words through as individual letters arranged top to bottom but read left to right
Popularity: Rare
Complexity: Dastardly
Date added: January 17, 2003
Example from the wild: (picture)

MIME is Money

What: Send two part MIME document, text/plain part contains bogus text, text/html part contains the spam message
Popularity: Rare
Complexity: Very clever
Date added: January 17, 2003
Example from the wild:

------=_NextPart_001_2D3DF_01C29D73.26716240
Content-Type: text/plain;

The modes of letting vacant farms, the duty of supplying buildings and permanent
improvements, and the form in which rent is to be received, have all been carefully
discussed in the older financial treatises. Most of these questions belong to
practical administration, and are, moreover, not of great interest in modern times.
Certain plain rules, may, however, be stated. The claims of successors to the late
tenant should not be overlooked; it is better for the tenure to be continued without
break, and therefore the question of new letting ought rarely to
occur.

------=_NextPart_001_2D3DF_01C29D73.26716240
Content-Type: text/html;

Now is the perfect time to get a mortgage,
and we have a simple and free way for you to get started.

September 15, 2003: This trick seems to be getting more common.

L O S T i n S P A C E

What: Insert spaces between letters to make words unrecognizable.
Popularity: Common
Complexity: Simple
Date added: January 17, 2003
Examples from the wild:
M O R T G A G E
F*R*E*E V’I’A’G’R’A O*N*L*I*N*E

Enigma

What: Use URL encoding to hide URLs
Popularity: Rare
Complexity: Clever
Date added: January 17, 2003
Example:
http://7763631671/obscure.htm
http://0xCeBF9e37/obscure.htm
http://0316.0277.0236.067/obscure.htm
http://3468664375@3468664375/o%62s%63ur%65%2e%68t%6D

Script Writer

What: Keep HTML body of email in a Javascript that fires when the email is opened
Popularity: Rare
Complexity: Clever
Date added: January 17, 2003
Example from the wild:
<script LANGUAGE="Javascript"></script>

Ze Foreign Accent

What: Replace letters with numbers or use nonsense accents
Popularity: Common
Complexity: Simple
Date added: January 17, 2003
Example from the wild:
V1DE0 T4PE M0RTG4GE
Fántástìç -- eárn mõnéy thrôugh unçõlleçted judgments

Speaking in Tongues

What: Large nonsense words designed to mess up CRC based spam identification
Popularity: Common
Complexity: Clever
Date added: January 17, 2003
Example from the wild:
crecrephaswukutugucrovazichonuprixisluwephimajoq

The Black Hole

What: Use of font size 0 to break up words with zero width spaces
Popularity: Rare
Complexity: Clever
Date added: April 1, 2003
Example from the wild:
V i a g r a

A Numbers Game

What: Use HTML entities instead of letters
Popularity: Rare
Complexity: Simple
Date added: April 1, 2003
Example from the wild:
Watch Dogs slurp young girls puss

Bogus Login

What: Use URL username@host syntax to disguise a URL.
Popularity: Rare
Complexity: Simple
Date added: April 6, 2003
Example from the wild:
Click Here
(this example also uses % encoding of the URL to further disguise it)

Honey, I shrunk the font

What: Use very small (size 1) font to hide bogus text (see also The Black Hole)
Popularity: Rare
Complexity: Simple
Date added: April 6, 2003
Example from the wild:
Random word of BIG LETTERS with length 1 to 22 TSUTHRXJKVUVBECP
Random word of small letters with length 1 to 16 uyswdgueoclrwlf
Random word of mixed symbols with length 1 to 27 7y14R484w1m7531X
Your text 9, note, maximum length of tag is 255 symbols
(Notice how the spammer didn't follow the instructions and managed to leave the instructions in the spam :-)
(This spam also uses Invisible Ink for these words)

No Whitespace No Cry

What: Since many languages separate words with spaces, and since many spam filters do the same, this spammer decided that replacing spaces with something else was a good idea.
Popularity: Rare
Complexity: Dumb
Date added: May 15, 2003
Example from the wild:
DidAyouFknowNyouMcanBgetVprescriptionVmedications prescribedTonlineTwith NORPRIORRPRESCRIPTIONRREQUIRED! WeZhaveztheXlargestLselectionLofNprescriptionsNavailableZonline! LowestzPrices -- NextzDayxDelivery

Honorary Title

What: Another way of hiding text in an HTML email by placing it in the <title> tag, which is unlikely to be displayed by the email client.
Popularity: Rare
Complexity: Simple
Date added: May 27, 2003
Example from the wild:
<title>dinosaur reptile ghueej egrjerijg gerrg

Camouflage

What: Like Invisible Ink, but instead of using identical colors (e.g. white on white) use very similar colors.
Popularity: Rare
Complexity: Very clever
Date added: June 2, 2003
Example from the wild:
U O a D u a N B d N C C w 1 1 C S
N bta nd ipl niv nd o r ach ipl o o onf ALL ith - - all und
I V in the oma ers lif equ elo oma ne ide NO in 3 1 2 1 24 ays
E a a s it e ir rs s is nt W da 2 2 h a
(The colors 1133333, 123939, and 423939 are chosen to be very similar without being the same)
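
Added example (not part of the original page): the four URLs quoted under Enigma all name one host, and a filter can show that by canonicalizing the host and path before matching, which also strips the user@host disguise described under Bogus Login. The names `canonical_url` and `_number` are hypothetical, and wrapping an oversized number modulo 2^32 is an assumption suggested by the first URL, whose host value is exactly 2^32 more than the one in the fourth URL.

```python
import ipaddress
from urllib.parse import urlsplit, unquote


def _number(text):
    """Read one host component as inet_aton-style parsers do:
    0x.. is hex, a leading 0 is octal, anything else is decimal."""
    if not text.isalnum():
        raise ValueError(text)
    if text.startswith("0x"):
        return int(text[2:], 16)
    if len(text) > 1 and text.startswith("0"):
        return int(text, 8)
    return int(text, 10)


def canonical_url(url):
    """Return (dotted-quad host or None, decoded path, tricks detected)."""
    parts = urlsplit(url)
    tricks = []
    if parts.username is not None:           # Bogus Login: user@host
        tricks.append("userinfo")
    path = unquote(parts.path)
    if path != parts.path:                   # Enigma: %62 -> b and so on
        tricks.append("percent-encoded-path")
    host = parts.hostname or ""              # lower-cased, userinfo removed
    try:
        *head, last = [_number(p) for p in host.split(".")]
    except ValueError:
        return None, path, tricks            # an ordinary DNS name
    if len(head) > 3 or any(n > 255 for n in head):
        return None, path, tricks
    room = 1 << (8 * (4 - len(head)))        # range open to the last part
    if last >= room:
        tricks.append("overflow")            # assumed to wrap modulo room
    value = last % room
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    ip = str(ipaddress.IPv4Address(value))
    if ip != host:
        tricks.append("encoded-ip")
    return ip, path, tricks


# The four URLs quoted in the Enigma entry.
SAMPLES = [
    "http://7763631671/obscure.htm",
    "http://0xCeBF9e37/obscure.htm",
    "http://0316.0277.0236.067/obscure.htm",
    "http://3468664375@3468664375/o%62s%63ur%65%2e%68t%6D",
]
```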