Damn Spam.

The e-mail system at work is pretty much my baby, that means trying to block spam is part of my job. I read about this particular insidious trick the other day and just noticed my first example of it. This is a new tactic being used to bypass content filters:

<p>G<!--iup8uh1kwzve-->et Vi<!--9zdgum1zqa5-->a<!--0iifrz1kwv-->gra o<!--g1esqe2qa1dz53-->nline N<!--xdgz301z7hi-->ow <!--yun98a212g-->! <br>

The subject line was innocuous and unfilterable ("Answer my question please"). The content is in HTML. In HTML <!--comment goes here--> is a comment tag and doesn't render so the above text reads "Get Viagra online now!" The contents of the comments are completely random and randomly inserted in the text. Adding insult to injury the random comments not only subvert all but the most sophisticated (and expensive) heuristics filters, they make the message multiple times larger than it's content, chewing up considerably more bandwidth.