Esther Schindler writes:
Like anything else, spam evolves, as do the means by which it gets delivered to your e-mail inbox and the manner in which sysadmins prevent it from doing so. If your thoughts on spam-fighting are a few years old, it's time for an update.
For instance, starting with the good news: According to Kaspersky, in 2013, the proportion of spam in email flows was 70%, which is 2.5 percentage points lower than in 2012. The bad news is that spam that does get through is far more dangerous. According to John Levine, chairman of the Internet Research Task Force's Anti-Spam Research Group and president of the Coalition Against Unsolicited Commercial E-mail, "The ongoing threat is that spam is now essentially 100% criminal, and it's as likely to try to plant bank-account-stealing malware either directly or via links to compromised websites as to sell you something." As one example:The content of spam is evolving to become more dangerous in new ways. For instance, Nick Gonzalez, a spokesperson for the security company Barracuda Labs, observes, “One new way we’ve seen are campaigns that use embedded Excel spreadsheets. The spammers break the words into individual cells to bypass the anti-spam tools. When viewed in an email it looks like a typical HTML attachment but it’s much more difficult to analyze."
So, here's the current state of the spammy art, and what you ought to know to fight it effectively.