<<< Date Index >>>     <<< Thread Index >>>

Is predictable spam filtering a vulnerability?



During a recent email conversation with several participants, we discovered 
that the email service of one participant silently dropped legitimate emails 
that happened to contain certain combinations of words common in spam. I 
believe this sort of filter is common practice, and in fact even in place for 
some of my own email addresses.

However, this experience made me think: isn't predictable spam filtering in 
general a vulnerability that could be used as a hoax device? Since most users 
reply to an email citing the complete source email, including filter-offending 
words, it should be possible to keep a reply, forward, or even a whole thread, 
under the radar of specific recipients. If used in combination with forged 
replies from addresses predictably dropping emails, I think this may be a 
dangerous tool for social engineering. 

For example: attacker 'A' sends 'B' a social engineering request for "the 
secret plans" and says "if you are unsure, forward my request to your boss and 
ask if this is okay". 'B' forwards the email to his boss 'C' and asks "Is this 
okay?". However, 'C':s spam filter silently drops the email. 'A' forges a reply 
from 'C' saying: "Sure, no problem, go ahead."

Regards,
R. Armiento