Spammers Use Word-Joiner Characters to Encode URLs

Spammers use a variety of tricks and tactics to try and hide the URLs that link spam emails to their spam hosting websites from the various email filtering programs that are trying to catch them.

Many, if not most, of these tricks depend on the fact that today’s browsers (which are used by email programs to display html emails) are extremely forgiving when it comes to non-standard and broken html.

In an effort to be more helpful to end-users, browsers will commonly remove, fix and/or convert many non-human-readable characters.  As a result, the spammer’s hyper-links and URLs can look perfectly normal when viewed within a browser, or to the person reading the email. But, at the same time, these encoded URLs do not appear correctly to many spam filtering programs.

The latest example is the use of  ‘WORD JOINER’ characters.  These characters were never intended to be used in web pages.  Rather, they were created to affect the way text strings are collated, matched or otherwise processed by various text processing programs.

For example, using Word Joiner the characters spelling the domain “spam.com” can be encoded as:

s⁠p⁠a⁠m⁠.⁠c⁠o⁠m

If run through many spam filter based this won’t match the domain “spam.com” but will appear perfectly normal when viewed through a typical email client application.

The good news is that it is even mildly sophisticated spam filtering solutions can find these characters and also recognize this tactic, using the attempt against the spammers.

In the end, using these encoding tactics to obfuscate their spam web site URLs can actually make it easier to identify and block the spammer’s emails in the first place.

- -

OnlyMyEmail is an award winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.

Tags: , , ,

Comments are closed.