McAfee publish a list of the top 10 spam subject lines, because of the work done by their threat research and filtering labs as well as customer feedback, and the latest for July shows how the spammer is now concentrating more on ID theft and less on helping you achieve sexual satisfaction or financial security. Certainly comparing the current subject lines with those from other surveys that have crossed my path over the years makes for interesting reading, in a spam threat evolving without end kind of a way.
Let us get July 2006 out of the way first, the 10 most popular (not with me buddy, but there you go) spam subject lines were:
- Message from eBay Member
- PayPal Notification
- Restore Your Account Access
- Chase Online Banking Service
- eBay Member email@example.com
- eBay Item Not Received Dispute Opened for Item
- Question from eBay member
- Question from eBay Member
- Barclays International informs you
- Amazon.com – Account maintenance – Profile Update
Interestingly, if you compare this with the 10 most common subject lines received by McAfee from customers reporting spam during the 24 hours prior to me writing this posting the threat spread is a little wider in focus:
- Regular verification of Internet Banking Accounts!
- more than any other guy
- Separate yourself from other men
- you have new mail from Natalia
- cheap oem soft shipping //orldwide
- Say No to pain
- Need S0ftware?
- Message subject
But go back to last year, and according to AOL who published their top 10 list of spam subjects from the total of 556 billion spams, an average of 1.5 billion messages per day, that they filtered before reaching members mailboxes, and the picture looks like this:
- Donald Trump Wants You - Please Respond
- Double Standards New Product - Penis Patch
- Body Wrap: Lose 6-20 inches in one hour
- Get an Apple iPod Nano, PS3 or Xbox 360 for Free
- It's Lisa, I must have sent you to the wrong site
- Breaking Stock News** Small Cap Issue Poised to Triple
- Thank you for your business. Shipment notification
- Your Mortgage Application is Ready
- Thank you: Your $199 Rolex Special Included
- Online Prescriptions Made Easy
Lots of ‘special order spam’ attempting to cash in, literally, on newbies fear of credit card fraud and the threat of transactional fraud I note, but not a great deal of phishing evident and even less of the sexually provocative stuff that dominated spam a decade ago. Even so, it did show a marked change from a couple of years before, when FrontBridge released the most common spam subject line during the first half of 2003:
- RE: Information you asked for
- Check this out!
- Is this your email?
- Please resend the email
- RE: your order
- Past due account
- Please verify your information
- Version update
- RE: 4th of July
This list shows a propensity towards the social engineering trick of personalization and interaction, pretending to be from someone you know or have dealt with recently.
It is all well and good looking back, of course, but keeping ahead of the game now and for the future is more important. Luckily, most ISPs and email service providers do implement some kind of filtering mechanism, although to varying degrees of success. Oddly enough this can often be directly related to if the filtering is a value added commercial service and if so how deeply you have to dig into your pocket to add it. But that might just be my overly cynical approach to things kicking in, I guess. One thing is sure; the outright scumbag spammer is doing pretty well in keeping one step ahead of the game. Spam traffic certainly is not on the decline, despite legislative and technological advances to ensure the contrary.
Things are tough for the legitimate email marketer who gets caught up in the mixed metaphorical fray and tarred with the same brush. Most spam filtering relies upon a weighting system whereby points are added to a message based upon variables such as subject, content, HTML coding, unsubscribe text and even time/date stamping.
So, for example, a long message header may incur a 2.5 score, small font size in HTML coding 2.2, host HELO not matching rDNS a 1.8, subject starts with Hello 1.4, date is 6 to 12 hours after received date 1.1, and subject is all upper case 0.8. Do enough things wrong, and because the rating system is cumulative you will get filtered out when you hit a 5.
Spammers have realized that, for now, one way to circumvent such text filtering mechanisms is to filter all text out of the message. Yep, spam as a graphic has become one of the most annoying trends of late in my never at all humble opinion. Damn stuff may not be machine readable, but I am not a machine (despite what my wife might argue to the contrary.) Thankfully, the Outlook client here is set up to display messages and message previews as plain text only from all untrusted sources and filters images out unless I choose differently. Barracuda Networks have come up with a slightly more complex solution for bigger enterprises and ISPs: software that combines message fingerprinting with OCR to read text embedded within a graphic. By cross-referencing parts of the image with a database of known graphical spam it can quickly determine the chances of the image being spam or not and filter accordingly.
Unfortunately, you just know that pretty soon spammers will be sidestepping this technology and moving on to the next annoying filtration avoidance quick fix. There must be an answer to spam, but I am at a loss to know what it is. Sender ID schemes have failed miserably because too many people just cannot be bothered to jump through hoops to verify their ID just to read an email from someone whom they might not even know or care about. Proactive schemes like the late lamented Blue Frog which attempted to hit the spammers, and those who use their services, where it hurts most (in the wallet) have crashed and burned. See my earlier posts here and here for all the details.
If you have any great ideas, I am sure I would not be alone in being happy to hear them...