Image Based Spam
I was reading an article about the rise of image based spam. Now i have seen various statistics from different anti-spam companies saying that the amount of spam emails compared to the total number of emails is anywhere between 66% and 90% of the total. I had seen 91% quoted as well. I supposed looking at the amount of email sitting in my junk and spam folders i would think the lower 66% more likely, although it is still a hell of a lot of spam. It does make me think what do these companies class as spam, but that is for another post.
What really intrigued me in the article was the fact that image base spam now comprises 25% of the total spam problem, up from 5% a year ago and that the average size of a spam mail has risen from 9KB to 13KB.
Now i can hear lots of people saying “so what!”. Well if 60% of your inbound email is spam and you don’t manage your spam correctly, then this is a lot of resources (bandwidth, storage and productivity) waisted on junk email. The fact that image spam is on the rise means that even more of the bandwidth and storage resources will be waisted.
So why are these evil spammers turning to image based based spam? The answer is easy, to keep one step ahead of the anti-spam companies. Traditional anti-spam methods just searched text so HTML or image based spam would by pass the anti-spam filters. So the anti-spam brigade added OCR and other image scanning services to allow them to catch image based spam.
Naturally enough the spammers have adapted and now have added background patterns etc. to fool OCR and other image based anti-spam services. It is of course the ever changing nature of information security that the good guys are almost always playing catch up.
So what can you do. I have seen it suggested that you should setup your mail servers to only accept mail from your white list, i.e. only accept mail from certain mail domains. Of course for the majority of companies this wouldn’t be acceptable so what can you do.
Well for goodness sake, don’t do nothing. Make sure you have a good anti-spam service whether it is hosted externally or part of your infrastructure. Don’t just depend on a free or cheap service that only looks for text based key words or denies emails from domains on a spam database.
Now i’m off to take advantage of that offer i recieved in my email this morning, an extra couple of inches…….