Spamtcha

The neverending battle between spammers and everyone else continues, and I've just discovered a recent development.

In years past, we've tried to battle comment spam with CAPTCHA. The spammers then fought back, developing OCR bots that are better at reading CAPTCHAs than most people.

However, email spam protection looked like a battle won: Bayesian filters worked wonders against text in emails by pattern matching against known spam messages. It was a simple strategy, and it worked incredibly well. Until now.

Taking advantage of how most graphical email clients will display attached embedded images (since there's no information leak in displaying them), spam messages are now attach the spam in an image with an innocent and unrelated body of text.

Of course, images with text could also be checked by a Bayesian filter with OCR software, so the spammers have implemented the same techniques that we developed to stop them: they generate their spam messages with swirls and background images designed to prevent OCR. It's spam via captcha: spamtcha.

I don't know whether a Bayesian filter with OCR actually exists, but the spammers are taking no chances. What can the spam-blocking software do to combat this?

Portrait of Matt Ryall

About Matt

I’m a technology nerd, husband and father of four, living in beautiful Sydney, Australia.

My passion is building software products that make the world a better place. For the last 15 years, I’ve led product teams at Atlassian to create collaboration tools.

I'm also a startup advisor and investor, with an interest in advancing the Australian space industry. You can read more about my work on my LinkedIn profile.

To contact me, please send an email or reply on Twitter.