Home > Articles > Security > Network Security

  • Print
  • + Share This
This chapter is from the book

2.9 Loose Ends

Most spam email is trying to sell something to the recipient and thus needs to entice the recipient into contacting the spammer. As you have seen, finding a website buried inside spam email can be tricky. But the effort is worthwhile because most spam email sells by tricking or enticing the user into clicking on a website.

Some spam omits a web reference and instead provides a phone number. Because there is no universal standard for the appearance of phone numbers, detection of phone numbers is more an art than a science. Consider, for example, the following ways to hide phone numbers:

Call now! 1 8 0 0 (yes the call is free!) 555 12 12
Dial one eight-hundred 555 1234
Ring us at 800 LLL-LUCK

Fortunately, the use of phone numbers is rare (probably because spammers don't want to give out their phone numbers). But if a URL is missing and if a phone number is easy to find (that is, if it is not an image), look for a phone number instead.

Even more rare, instead of a URL you will find only an email address. On those rare instances when only an email address is available, record it.

Note that some spam doesn't want you to connect at all. It merely recommends a stock or a product and hopes the recommendation will cause you to buy. Obviously this type of spam is very difficult to detect the first time detection is attempted. But note that its pattern can later be recognized as spam once a human has categorized it, as with a Bayesian filter (see section 11.8).

Finally, of course, a tiny amount of spam is not motivated by sales at all. Some is religiously or politically motivated. During one month, for example, the authors were spammed with dozens of requests to read and live by a psalm in the Bible, where the spam recommended a different psalm in each mailing. Such altruistic spam is the hardest of all to detect.

  • + Share This
  • 🔖 Save To Your Account