Take a close look at the message below, and then continue reading:
Is this message spam or not? It appears to come from a well-known brand and looks fairly innocuous: submit a survey, get a gift card. It does sound a bit too good to be true, and the mailing address for the unsubscribe link looks a bit strange.
The things that make the message definitely 100% spam are the things you can’t see. The spammer sending this message is using several techniques to circumvent spam filters, including the following:
- Sending from an IP address that has never sent mail before. Using a brand new IP address circumvents real-time IP blacklists and exploits default throttling policies that can allow a spammer to send many messages before being blacklisted.
- The HTML message content includes meaningless word salad in several blocks of HTML comments. This is usually an attempt to confuse Bayesian spam filters that use word frequencies to determine spam/legit status.
- The message contains raw non-ASCII characters in an attempt to confuse spam filters that treat messages as null-terminated strings.
- The message contains several meaningless href= links surrounded by CSS markup that makes them invisible, in an attempt to confuse spam filters that look for a mix of links as an indicator of legit status.
- The visible href= links in the message use numeric IP addresses instead of hostnames.
- The IP addresses in the href links are represented in a legal-but-obfuscated format in an attempt to defeat URL-parsing code. Here’s what the href= link looks like (the IP address has been changed)
- All of the readable “text” in the message is actually an image. Attempting to click on the unsubscribe link (or anywhere else around it) sends you to a questionable-looking unsubscribe page.
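On the filtering side, the numeric and obfuscated href hosts described above can be caught by normalizing every link host before scoring it. The following is an added example, not code from the original post; it assumes the obfuscation uses the number forms that classic inet_aton-style parsers accept (hex, octal, decimal, one to four parts), and the function names and sample links are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# Number forms classic inet_aton-style parsers accept: hex, octal, decimal.
FORMS = ((r"0[xX][0-9a-fA-F]+", 16), (r"0[0-7]*", 8), (r"[1-9][0-9]*", 10))

def parse_inet_aton(host):
    """Return the canonical dotted quad for a numeric IPv4 host, else None."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    nums = []
    for part in parts:
        base = next((b for rx, b in FORMS if re.fullmatch(rx, part)), None)
        if base is None:
            return None  # a hostname, not a number
        nums.append(int(part, base))
    *head, last = nums
    # Leading parts are single bytes; the last part fills the remaining bytes.
    if any(n > 255 for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return ".".join(str((value >> s) & 255) for s in (24, 16, 8, 0))

class HrefCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def flag_links(html):
    """Return (href, canonical_ip, kind) for each link whose host is a raw IP."""
    collector = HrefCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        host = urlsplit(href).hostname or ""
        canonical = parse_inet_aton(host)
        if canonical:
            kind = "numeric-ip" if host == canonical else "obfuscated-ip"
            findings.append((href, canonical, kind))
    return findings

# Constructed sample body; 192.0.2.0/24 is a documentation-only range.
SAMPLE = ('<a href="http://0300.0.02.052/survey">Claim</a><a href="http://3221226026/u">Unsub</a>'
          '<a href="http://192.0.2.42/x">x</a><a href="https://example.com/help">Help</a>')
```

A filter can then check the canonical address against its IP reputation data and treat the `obfuscated-ip` kind as a strong spam signal in its own right.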
It can actually be really tough to determine whether a message is spam or not. Just because an email refers to well-known brands doesn’t make it legitimate. Subway most likely doesn’t even know that these spam messages are being sent, even though they have the potential to hurt its image. The best advice is that if it seems too good to be true, it probably is. Likewise, if you didn’t sign up for messages from the organization, no matter how reputable it is, the message may be spam. Other steps you can take are:
- If possible, configure your email client to not show remote content such as images.
- Look for unsubscribe links. If the message doesn’t have one, it’s probably not from a well-behaved sender who is adhering to good sending practices.