Should organizations be overly concerned about image-based spam?

FOR, by Craig Sprosts, senior product manager, IronPort Systems

Like the Volkswagen Beetle, image spam has been around a while, but has found a new and more powerful form. Highly randomized variants of image spam increased 10x in 2006 and are now zipping past spam filters.

Worse, more sophisticated attacks are just around the corner.

Most filters today stop image spam using "fuzzy signatures" of the embedded images or patterns in the email headers. Using new tools for generating spam, spammers rendered signature technology useless by making every image appear unique to spam filters (by inserting random dots, varying borders, etc.). It is only a matter of time before spammers also update their software to hide the subtle patterns most anti-spam vendors now depend on to stop these attacks.

When this happens, end-users could see the amount of spam in their inboxes increase by five to 10 times. Many vendors will then be forced to introduce computationally intensive and error-prone technologies like OCR, leaving customers unprotected for months. Not a pretty picture!


AGAINST, by John Veizades, senior product line manager, security products, Mirapoint

No, spam is a continually evolving threat; randomized image spam is just the next mutation in a long line of spamming techniques to thwart defenses by the anti-spam community. There is no reason to be overly concerned by this next threat if you have the correct reactive solution in place at the edge of your network. You need a solution that defends against emerging threats by providing non-heuristic mechanisms that:

  • Combat spam without having to have a deep understanding of the embedded content in a message;
  • Look at the behavior of spammers in a global context and can react to emerging threats quickly and effectively;
  • Can block threats before messages are accepted by the system using comprehensive reputation-based SMTP connection controls.

In short, as an email administrator, you should be concerned with finding a solution that can react to emerging threats so that you never have to worry about the next trick by spammers.