metrosantacruz.com
News, music, movies, events & restaurants in Santa Cruz, California from Metro Santa Cruz weekly

Columns
December 13-19, 2006

home | metro silicon valley index | columns | technology news


Technology News - Annalee Newitz

Technology News

The Meaning of Spam

By Annalee Newitz


I SPEND an inordinate amount of time wondering why my spam looks the way it does. Until quite recently, I received about 20,000 spam emails every day. The poor little Bayesean filter in my Thunderbird email program couldn't keep up and would routinely barf when confronted with such huge piles of crap from "Nuclear R. Accomplishment" with the subject line "$subject" and a message body full of random quotes from Beowulf.

Before I finally fixed my spam problem—oh, blissfully small inbox!—I developed a few vaguely paranoid theories. Briefly, I imagined spammers were spying on my inbox and culling sender names from it that matched those of my friends. In my saner moments, I would wonder why exactly spam evolved to look the way it does. Why do spammers keep sending me pictures of pink, bouncy letters that spell "mortgage," followed by text from a random website? And why, oh, why do they send me emails containing nothing but the cryptic line "He said from the doorway, where she"? How can that be good business sense?

So I called expert Daniel Quinlan, who is an anti-spam architect at Ironport Systems, as well as a contributor to open-source anti-spam system Spam Assassin. He patiently listened to me rant about my email problems—I think anti-spam experts are sort of like geek therapists—then explained why I receive spam from random dictionary words strung together into a name like Elephant Q. Thermodynamic.

It's done to fool any spam filter that refuses to receive email from somebody who has already sent you spam in the past. "They want to create a name that your spam filter has never seen before," Quinlan said. It turns out that every weirdness in my spam is "probably there for a good reason," according to Quinlan. In the arms race between spammers and anti-spammers, spammers try every trick they can to circumvent filtering software.

Often, the spams you get are the result of months or years of this arms race. For example, spammers of yesteryear started sending images instead of text, so that spam filters looking for text like "viagra" would be fooled. Instead, the image would contain the word viagra, but filters would see only an image and let it through.

In response, anti-spam software began tossing emails that contained only an image, since ham containing an image typically has some text with it like "check out my pictures from Hawaii" or whatever. Rarely does a real person send just an image.

Quinlan says spammers figured out their pictures were being chucked, so they started adding a few random words to their mail and got through the filters again. Then anti-spammers started chucking emails with images that also contained random words that didn't make sentences.

And that's why, today, you get images with chunks of text taken from random books or websites. As long as the text fits into sentences and isn't random words strung together, spam filters have a harder time figuring out if the mail is spam or ham.

Spammers also send slightly different images every time, so that spam filters can't identify the image itself as spam. And they fill the images with bouncy, pink letters advertising their crap because character recognition software can't read bouncy letters. So any spam filter that uses character-recognition software to look at text in images to find spam will be fooled.

OK, so there is a reason behind the madness. But how would Quinlan explain the spam I get that contains no advertisement for anything, no links or images, and instead merely quotes some random passage from Dostoevsky? Quinlan says there's no way to know for sure, but the reigning theory among anti-spam experts is that it is part of what is called a "directory harvest attack," in which the spammer tries to figure out if there is a real person behind a randomly chosen email address.

The spammer sends out millions of innocuous emails and may get a slightly different response from the mail server if the mail has reached an actual person. Once the spammer has established that certain addresses are valid, he can send his real spam and be sure that he's reaching an inbox.

All of this sounds perfectly reasonable. Spammers are doing bizarro things to get their messages out. But why do I sometimes get a spam with the subject line "$subject"? Why would I ever be fooled into thinking that was a piece of legitimate email? "That's just some spammer who doesn't know how to use his spamware," Quinlan says simply. "Sometimes spammers do things that are—for lack of a better word—dumb."


Annalee Newitz (annalee@techsploitation.com) is a surly media nerd who is in recovery from receiving spam.


Send a letter to the editor about this story.