Character recognising spam breaking CAPTCHA defences

Webmail and OCR based spam is on the increase, which traditional web filters are having difficulty detecting.

Spam sent from webmail accounts created using CAPTCHA breaking technology is on the increase, according to Marshal.

It said that there was more spam capable of beating the response test, which is used to ensure content is generated by a human manually typing letters and numbers rather than a computer. CAPTCHA (Completely Automated Public Turing Test to tell Computers & Humans Apart) was developed by Carnegie Mellon University in 2000 to stop spam robots.

However there are ways to get past this security such as Optical Character Recognition (OCR), which is mechanical or electronic translation of the electronic images. Sometimes it was possible to completely bypass the CAPTCHA.

"In email security we've developed pretty advanced OCR technology to deal with image based spam," said Bradley Anstis, vice president of products at Marshal. "I think some spammers are using tools we've created against the industry to help them break the CAPTCHA codes."

Advertisement - Article continues below
Advertisement - Article continues below

However, he did go on to say that the bigger problem was that many businesses and websites were not even bothering to implement CAPTCHA.

"Even though CAPTCHA technology is evolving and there are new ways of doing it its still up to the companies to deploy these on their websites," Anstis said. "That traditionally has been the hardest thing to do."

The report said that using webmail accounts for spam made IP reputation or message header inspection less effective. Spam would be generated from Gmail, Yahoo and Hotmail accounts, so they would look to come from legitimate sources.

"This email is typically generated using a well-formatted composition type engine so the headers are really tidy and bodies are really neat," Anstis said.

"Traditional spam filters that look at the structure of an email message looking for addresses of bulk mailers are less effective. Webmail messages conform to all right the standards."

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now


internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020