WBR tags trick spam filters


Commtouch Labs recently reported on a spam outbreak that uses the HTML <WBR> tag to bypass traditional spam filters. <WBR> is a tag used to denote an optional line-break — as opposed to the <NOBR> tag, which prevents line breaks in certain areas. The tag can be placed anywhere in the HTML code, and in this case it was placed in the URL, just before the .com suffix.

The recipient opens an email and sees something like this example:

[Image: sample WBR email]

The <WBR> tag is inside the URL itself in the HTML code but cannot be seen by the viewer. If you narrow the window width enough to cut the URL in half, you will see the point where the line breaks – that is where the tag is inserted in the code to confuse parsers.

The HTML code looks like this:

[Image: HTML code]

The tag is highlighted in yellow. By adding <WBR> before the .com suffix, the sender splits the URL in the markup, so a traditional spam filter may not identify it as a complete URL and, as a result, the email may end up in your inbox.
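One way a content filter can close this blind spot, shown as an added example (not code from Commtouch or from the original post): extract URLs from the text as the reader sees it, treating <WBR> as invisible, and flag any URL that a scan of the raw markup misses. The sample message, the example.com placeholder domain and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample body; example.com is a placeholder domain.
SAMPLE_HTML = ('<html><body><p>Visit our store today:</p>'
               '<p>http://www.example<wbr>.com/offer</p></body></html>')

URL_RE = re.compile(r'https?://[a-z0-9.-]+\.[a-z]{2,}(?:/[^\s<>"]*)?', re.I)
# Elements that visually separate text; rendered here as a space.
BLOCK = {"p", "br", "div", "td", "tr", "li", "table"}


class RenderedText(HTMLParser):
    """Collect text roughly as displayed: <wbr> joins, block tags split."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.wbr_tags = [], 0

    def handle_starttag(self, tag, attrs):
        if tag == "wbr":
            self.wbr_tags += 1      # invisible: text on both sides stays joined
        elif tag in BLOCK:
            self.parts.append(" ")

    def handle_endtag(self, tag):
        if tag in BLOCK:
            self.parts.append(" ")

    def handle_data(self, data):
        self.parts.append(data)


def naive_urls(html):
    """Traditional approach: run the URL pattern over the raw markup."""
    return URL_RE.findall(html)


def analyze(html):
    """Return visible URLs and those a raw-markup scan failed to see."""
    parser = RenderedText()
    parser.feed(html)
    parser.close()
    visible = set(URL_RE.findall("".join(parser.parts)))
    return {"urls": sorted(visible),
            "hidden_from_raw_scan": sorted(visible - set(naive_urls(html))),
            "wbr_tags": parser.wbr_tags}


if __name__ == "__main__":
    print("raw scan:     ", naive_urls(SAMPLE_HTML))
    print("rendered scan:", analyze(SAMPLE_HTML))
```

A non-empty `hidden_from_raw_scan` list is itself a useful scoring signal, since legitimate mail rarely needs markup inside a hostname.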

Advanced, content-agnostic spam filters (*ahem ahem*) will be more likely to catch such a trick and block it.
