According to Symantec researcher Samil Patel, the spoofing (obfuscation) of email messages to by-pass anti-spam filters is a very common technique for spammers.
"Spammers try to obfuscate the email headers or email bodies of messages to evade anti-spam filters, as discussed in one of our previous blogs", he said in his security blog.
"So far, we have seen the use of non-ASCII characters or special characters that are not seen in legitimate URLs to obfuscate the domains or links in the spam messages. With such obfuscation in place, content-based anti-spam filters have limited success against such variations", he added.
Whilst many current IT security apps don't block access to SHY-enabled web addresses in email addresses, Infosecurity notes that an anti-virus application will stop most malware code infections.
Indeed, as Patel says, "Symantec recommends having anti-virus and anti-spam solutions installed – and don't forget to update your signatures regularly."
Over at Kaspersky Lab, meanwhile, fellow IT security researcher Paul Roberts says that spammers aren't shy about tapping humans' flexible cognitive abilities to slip past the notice of spam filters.
H3rb41 V14gr4 [herbal viagra], he notes, is a case in point, adding that hackers are always alert to flaws or inconsistencies in the way that browsers render text, to allow them to slip web addresses by programs designed to spot unwanted solicitations and phishing attempts.
"Soft hyphens are represented by the HTML equivalent character '­' and rendered by a graphic symbol that's identical to a standard hyphen (-)", he said, adding that, unlike hyphens, soft hyphens are only used to represent line breaks within a word, such as within a Microsoft Word document.
"However, common web browsers, including Mozilla's Firefox, don't render the soft hyphen. That has enabled spammers to lard up URLs to web sites they're promoting with soft hyphen characters, ensuring that users will see a properly formatted URL, while URL filters that rely on text matching will be fooled", he said.
The good news, Roberts goes on to say, is that more advanced content analysis technologies that don't rely on URL matching can spot the obfuscation and block the messages.
Even better is the fact that the Kaspersky Labs researcher says that the advent of HTML 5 within the next couple of years – and browsers that support it – is expected to solve many of these problems.
This, he explained, is because the specification "finally standardizes how HTML code should be parsed by web browsers, rather than leaving it up to individual platform vendors to develop their own interpretations of how the code should be parsed."