Towards a formatting-based spam filter

The spammers’ biggest strength – their ability to adapt quickly to new filtering methods – hides one of their most important weaknesses, the inability to change certain aspects of the message. such as the spam layout, the way a message “looks”.

Unfortunately, so far this topic attracted little research, if any, possibly because some spam e-mails have no significant layout differences from legit mail.

However, formatting, either plain text or html, is a valuable source of information for certain types of email, such as most newsletters, phishing e-mails or nigerian scams. These could be singled out by onsidering this criterion.

The massive text and standard signatures of the 419 – nigerian – scams, the multitude of links and addresses in newsletters, the logos in phishing messages are only a few examples of obvious visual identifying items widely known. But, though widely encountered and full of valuable information, these patterns are, to the best of our knowledge, scarcely used in identifying email type. We’re working on correcting this ommission.