Image-based spam, which is increasing at an alarming rate, is a tactic spammers use to elude spam-filtering software that analyzes messages of keywords. By embedding their marketing messages in attached, randomized .gif or .jpg image files instead of in plain text, many spammers manage to elude those filters. Image-based emails don't differ much from text-based spam and will often include pitches for prescription drugs and penny stocks in addition to pornographic material.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
"It's a technique that's been around for a while," said Dan Blum, an analyst at Burton Group Inc. in Midvale, Utah. "It doesn't seem like rocket science, but now that filters have gotten good enough at detecting randomized text-based spam, more spammers are using this approach, which is probably not what they want to do because they care about bandwidth, too."
When image-based spam sneaks through spam filters, it become a problem on several levels. According to Commtouch, the typical image-based message is three times larger than text-based spam. Such messages can create storage problems and bandwidth problems. And companies that are subject to regulatory compliance standards such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act must archive all their email messages. The image files in spam can quickly take up storage capacity.
"Without blocking image-based spam, it would probably lead to a 25% increase of storage space and bandwidth," said Stephen Laughlin, director of information technology at the Academy of Television Arts & Sciences, the Los Angeles organization that hands out television's Emmy Awards. "Email storage space is already at a premium, so there's not a lot to give up. People want as much as they can get."
The flood of image-based spam, a lot of which is porn, can be a problem even at organizations that aren't required to retain email messages for regulatory compliance.
"The image was much larger in size so it took up more space on hard drives for users," said Mark Kowitz, a system administrator at The Rockefeller University in New York. "A lot of people saw it. A lot of people complained. Virus scanners took more time at the server level and desktop level. It affected overall bandwidth and CPU time. And unfortunately, you always get users who click on [the images, unleashing viruses]."
Image-based spam has forced Kowitz to consider a new spam filter solution. He had been using Cloudmark, purchased through reseller Sendmail Inc. Now he is testing a new version of Commtouch's antispam solution.
Greg Olson, director of product marketing at Emeryville, Calif.-based Sendmail, explained the different approaches of spam filtering services.
"The Cloudmark method for detecting spam is based on a collaboration network, tens of thousands and hundreds of thousands of people who are essentially nominating spam to be called spam," Olson said. "Commtouch's approach is a network-based approach. They just look at Internet traffic passing through various gateways. Every message gets unique identifiers calculated for them, and that information gets sent to Commtouch for analysis. They look at distribution patterns for messages. If they see the same message being sent by lots of individual folks it's an indication of a botnet. And if they see a large distribution of messages from a single send, [it's a single source spammer]."
Blum, of the Burton Group, said companies should take a multilayered approach to fighting image-based spam.
Companies that have to archive their email for regulatory compliance should engage a vendor that blocks incoming spam outside their firewall. If the messages are stopped outside the company, they don't have to be retained.
However, companies that don't have email retention requirements might want to have a light layer of filtering outside the firewall to stop the most obvious spam, without running the risk of accidentally blocking legitimate email. Then the company can have a second and third level of filtering at the server and desktop level.
Blum also said CIOs should look for vendors that have a variety of expertise in detecting and blocking spam.
"I would look for a vendor that had both a good heuristic for scanning the content of messages and a good reputation database, because 80% of the spam is coming from botnets. That means the disposable addresses and disposable domains that spam is coming from change very frequently."
Blum said a vendor with a large reputation database can more quickly detect the ever-changing botnets that bombard email traffic.
Let us know what you think about the story; email: Shamus McGillicuddy, News Writer