How do Blackhat spammers circumvent email Anti Spam Filters?
Organization announcements, personnel information, and the correct branding colours and fonts to use in mails.
This allows attackers to create phishing mail in the same style the organization uses, so that it looks legitimate.
Attackers will even test their phishing mails against known anti-spam filters to make sure they bypass them before sending them to the targets in the victim organization.
When attackers find their phishing mail blocked by anti-spam solutions, they can buy genuine certificates from reputable companies.
They can use Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).
SPF can be described as another DNS record that lists which mail servers are allowed to send from a specific domain.
With DKIM, each mail being sent carries a digital signature that is validated against the public key published in the domain's DNS records.
By using these, attackers can bypass many large filters, for example those from Microsoft or Google.
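As an added example, not code from the original page, here is the receiver-side SPF evaluation that a filter performs: it walks the domain's SPF record and decides whether the connecting sender IP is one of the listed allowed servers. The DNS lookups are replaced by a constructed in-memory table of hypothetical domains so it runs offline; it handles ip4, ip6, include and the all terminator, and reports permerror for mechanisms it does not implement.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (hypothetical domains, not real records).
FAKE_DNS_TXT = {
    "example.org": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}

# SPF qualifiers map to the result returned when the mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, dns=FAKE_DNS_TXT, depth=0):
    """Evaluate the SPF record of `domain` for a connecting `sender_ip`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    Only ip4, ip6, include and all are implemented; a, mx and exists
    mechanisms yield permerror so a caller never mistakes them for a match.
    """
    if depth > 10:  # RFC 7208 limits include recursion; treat loops as an error
        return "permerror"
    record = dns.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no SPF policy published for this domain
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]  # terminator: nothing earlier matched
        if name in ("ip4", "ip6"):
            # A v4 address is never inside a v6 network and vice versa.
            if ip in ipaddress.ip_network(arg, strict=False):
                return QUALIFIERS[qualifier]
        elif name == "include":
            # include matches only if the referenced domain's record passes.
            if check_spf(arg, sender_ip, dns, depth + 1) == "pass":
                return QUALIFIERS[qualifier]
        else:
            return "permerror"  # unsupported mechanism in this example
    return "neutral"  # record ended without an all terminator
```

A filter normally combines this result with DKIM verification and the From-domain alignment rules, so a "pass" alone does not prove the mail is wanted, only that the sending server was authorized by the domain owner.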
Advanced spam filters can still detect this, so attackers can turn to more sophisticated methods such as buying new domains
and putting them on trusted Google for Work (GFW) accounts, which are used for professional mail.
Depending on the time and resources an attacker is willing to spend on bypassing anti-spam filters, some attempts will succeed.
The Protector UTM Firewall can help protect an organization from advanced phishing attacks that evade anti-spam filtering.
Attackers using botnets for spam attacks
Another popular method is simply to infect many unsuspecting users around the world. These can be average users who are just surfing the Internet in different countries.
By using malware phishing campaigns to infect them without their knowledge, attackers can use them in botnet-style attacks.
These users can be on trusted, whitelisted IP addresses, which black-hat attackers then use in their botnets.
They can send large volumes of spam from these legitimate IP addresses in different countries.
The attacker can easily send 100,000 mails from the infected users' computers, on whitelisted IP addresses and without the users knowing, before they are blocked by the ISP.
Meanwhile, the attacker does not care that the user gets blocked, since they have already sent a large amount of spam.