What is Hashbusting?

If you've ever received a spam email that had a bunch of random text at the bottom, text that didn't make sense or didn't relate to the rest of the email, you've seen hashbusting in action.

Hashbusting is a spammer trick wherein they take blobs of text and append them to (or hide them in) their unwanted advertising messages. The text is sometimes a run of nonsense words from a dictionary (word salad), and sometimes chunks of text from public domain e-books. (Spammers seem to love the classics.)

Bad guys put this extraneous text in their email in an attempt to evade spam filters. The hope is that a lot of spam filters use simple checksums to log messages and to mark which messages are similar, so that repeat spams can be blocked before delivery. Spammers believe that this randomized text will make otherwise similar messages seem much less similar, preventing them from being identified as repeat spam from the same bad guy. The net effect, they hope, is that more of their spam will get through the spam filters and into your inbox.

It's a lost cause; just about every spam filter out there that checks for message commonality knows how to use "fuzzy" checksums that allow for enough wiggle room to tell that a spammer's messages are all very similar, even if this text is included.
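To make the difference concrete, here is an added example (not code from this post or from any particular spam filter). It compares a simple SHA-256 checksum with one possible "fuzzy" measure, Jaccard similarity over three-word shingles; the choice of measure, the 0.5 threshold, and the sample messages are all assumptions constructed for illustration.

```python
import hashlib
import re


def exact_digest(text: str) -> str:
    """Simple checksum: changing any byte produces a different digest."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def shingles(text: str, k: int = 3) -> set:
    """Set of overlapping k-word sequences (lowercased, punctuation dropped)."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}


def similarity(a: str, b: str) -> float:
    """Jaccard similarity of the two shingle sets, from 0.0 to 1.0."""
    sa, sb = shingles(a), shingles(b)
    if not sa and not sb:
        return 1.0  # two empty messages are trivially identical
    return len(sa & sb) / len(sa | sb)


def is_repeat(a: str, b: str, threshold: float = 0.5) -> bool:
    """Assumed policy: treat messages as the same campaign above the threshold."""
    return similarity(a, b) >= threshold


# Constructed sample messages: one pitch, two different hash-buster tails.
PITCH = ("Limited time offer on discount watches. Order today and save "
         "eighty percent on every model. Click the link below to claim "
         "your exclusive price before the sale ends.")
SPAM_A = PITCH + " It was the best of times, it was the worst of times."
SPAM_B = PITCH + " Call me Ishmael. Some years ago, never mind how long."
HAM = ("Hi team, the quarterly review moved to Thursday at ten. Please "
       "send your slides to me by Wednesday evening.")

if __name__ == "__main__":
    print("exact digests match:", exact_digest(SPAM_A) == exact_digest(SPAM_B))
    print("spam A vs spam B   :", round(similarity(SPAM_A, SPAM_B), 3))
    print("spam A vs ham      :", round(similarity(SPAM_A, HAM), 3))
    print("flagged as repeat  :", is_repeat(SPAM_A, SPAM_B))
```

The appended text changes the exact digest completely, but the shared pitch still dominates the shingle overlap, so the two spams are matched while the unrelated message is not.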

There is no legitimate reason to include such text in email messages. Many email service providers and internet service providers will immediately suspend companies who are observed to be sending messages containing "hash buster" text, as it is considered evidence of intent to send spam.

Hashbusting is not a new technique. There is ample evidence of its use going back to 2005, 2004, and even earlier.
