New 'field guide' collects spammers tricks

"Mini marquee?" "Lost in Space?" "Hypertextus Interruptus?" Which is your favorite spam technique?

If those names don't ring a bell, perhaps you should refer to the new "Field Guide to Spam," published by enterprise e-mail company ActiveState Corp. The company calls the new online guide a "living compilation" of the tricks spammers use to slip their unsolicited e-mail messages by antispam filters.

The new guide was conceived by ActiveState Antispam Research Director John Graham-Cumming to quantify spam techniques.

The Field Guide provides a comprehensive listing and explanation of spam techniques that administrators can use to keep abreast of the ever-changing tricks used by spammers, according to ActiveState.

More than 20 different spam techniques are documented. Each is named and rated for popularity and complexity. ActiveState researchers categorized the techniques as either "common" or "rare," and assigned complexity ratings that range from "dumb" to "dastardly."

In a few minutes, readers can brush up on run-of-the-mill ruses like "Lost in Space," in which the spammer inserts spaces between the letters of common spam "trigger" words such as mortgage and Viagra.

Or readers can revel in the subtlety of dastardly techniques like "Slice and Dice," in which a spreadsheet-like HTML (Hypertext Markup Language) table breaks up the content of the spam message, with each cell in the table containing a single letter of the message.

A section on advanced tricks explains how spammers combine multiple techniques in a single message, while also using more technical means for avoiding detection, such as message encoding.

Techniques listed in the Field Guide are used to create heuristic tests that ActiveState's PureMessage e-mail filtering product relies on to spot spam messages, but don't account for all the various types of spam messages, said Jesse Dougherty, director of development at ActiveState.

"These are the techniques used by rogue spammers to hide the content they're sending, usually because it's offensive," he said.

Vancouver-based ActiveState will update the Field Guide whenever new techniques appear and hopes that the catalog helps organizations develop policies to weed out the bothersome messages, Dougherty said.

"Part of industry's challenge is defining spam," Dougherty said. "One test is asking 'Are they trying to trick me?' If an organization cannot verify that a message is not offensive, they can reject it," Dougherty said.

He expects the Field Guide to grow, perhaps to as many as a couple hundred different spam techniques, and hopes that other companies will learn from the guide and contribute to it.