“Text with Tables” Technique for Evading Spam Filters

Spammers are always searching for ways to bypass anti-spam filters. While the “text with tables” technique is not new, it is worth noting because it demonstrates spammers’ creativity, as well as their utilization of existing techniques.

When spammers first used table HTML codes, it began as a simple table with various cells filled in with different colors to render what looked like regular text. This basic technique has since evolved into something more complex—spammers are using a table within a table.

In the example below, the spammer first defines an outer table (137 x 43). Then, each row of the outer table itself is defined as a table. These inner tables feature a unique cell length (defined by COLSPAN) and background colors.

Carefully crafted, the above HTML shows this when rendered:

This technique has certain advantages for spammers. For instance, spammers can use the same template and simply alter the codes of the inner table’s background colors. This results in almost endless randomizations without changing a single letter of the rendered text. However, such an advantage does not come for free. One major drawback of this technique is that the size of the message is unusually large in order to display a small amount of content. For example, the above message, which displays only the “image,” is 30k in size. Any attempt to make the final rendering larger (for more spam content) would result in the message being too big. While bandwidth is no longer an issue with spammers who deploy vast networks of zombie machines, such a large size is prone to trigger extra scrutiny by anti-spam software.