Junk mail began leveling off in 2005 and the first part of 2006. According to Symantec's January Spam Report, spam accounted for less than 55 percent of global email in September 2006, but then spiked dramatically to 80 percent by year's end. Joel Smith, CTO of Gulf Breeze, Fla.-based AppRiver, says that now as much as 98 percent of all email can qualify as spam.
Experts largely attribute the rise to a new technique known as image spam, in which fraudsters place content and links inside image files. Signature-based filters have difficulty flagging these messages as spam, especially when senders randomize the images by adding dust spots, changing colors or modifying margins, says Willy Leichter, director of product marketing for Redwood City, Calif.-based Tumbleweed Communications. The spammers have gotten so good, in fact, that vendors are being forced to return to the drawing board on a regular basis to develop effective solutions, he says.
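The evasion described above, as an added example that is not part of the original article: an exact digest of the pixel data changes once a constructed image gets dust spots and a color shift, while a coarse perceptual hash still matches. The average hash is chosen here for illustration (the article names no specific countermeasure); the image generator, function names and 5-bit threshold are assumptions, and margin changes are outside what this example covers.

```python
import hashlib
import random

SIZE, GRID = 64, 8          # constructed 64x64 grayscale image, hashed on an 8x8 grid
CELL = SIZE // GRID

def make_image(seed):
    """Constructed stand-in for a spam image: random dark/bright 8x8-pixel tiles."""
    rng = random.Random(seed)
    tiles = [[rng.choice((40, 210)) for _ in range(GRID)] for _ in range(GRID)]
    return [[tiles[y // CELL][x // CELL] for x in range(SIZE)] for y in range(SIZE)]

def add_dust(img, count, seed):
    """Overwrite `count` random pixels with random values (the 'dust spots')."""
    rng = random.Random(seed)
    out = [row[:] for row in img]
    for _ in range(count):
        out[rng.randrange(SIZE)][rng.randrange(SIZE)] = rng.randrange(256)
    return out

def shift_color(img, delta):
    """Brighten or darken every pixel by `delta`, clamped to 0..255."""
    return [[min(255, max(0, p + delta)) for p in row] for row in img]

def exact_signature(img):
    """What a byte-level signature sees: a digest of the raw pixel data."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img):
    """64-bit perceptual hash: one bit per grid cell, set if the cell's mean
    brightness is above the mean of all cells."""
    means = [sum(img[y][x] for y in range(cy, cy + CELL) for x in range(cx, cx + CELL)) / CELL**2
             for cy in range(0, SIZE, CELL) for cx in range(0, SIZE, CELL)]
    avg = sum(means) / len(means)
    return sum(1 << i for i, m in enumerate(means) if m > avg)

def hamming(a, b):
    return bin(a ^ b).count("1")

def matches_known(img, known_hashes, max_bits=5):
    """True if the image is within `max_bits` of any hash already flagged as spam."""
    h = average_hash(img)
    return any(hamming(h, k) <= max_bits for k in known_hashes)

if __name__ == "__main__":
    original = make_image(seed=1)
    variant = shift_color(add_dust(original, 20, seed=2), 25)
    print("byte signatures equal:", exact_signature(original) == exact_signature(variant))
    print("perceptual distance:  ", hamming(average_hash(original), average_hash(variant)))
    print("unrelated image hit:  ", matches_known(make_image(seed=3), [average_hash(original)]))
```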
Meanwhile, a trend among cyberthieves to build, buy and sell massive armies of botnets is helping spammers deliver their attacks in record numbers. "IP reputation takes care of a lot of spam," Leichter says. "You can track a known IP address of a known spammer if they are not changing their IP address. But now they're hijacking thousands of machines — and new IP addresses."
Thus, it should have come as no surprise when, in December, the Open Relay DataBase closed its doors after spending 5 1/2 years tracking open network relays that were being exploited by spammers.
And it is not only the IT security professionals who are on board. Smith says the widespread market for tools to build botnets and proxy networks is allowing mid- and low-level spammers to get in on the scheme. Similarly, tools to develop image spam are now being passed down from the professionals for the right price.
Enterprises face a major issue, as the influx of spam means wasted IT security resources and email delays. Industry experts recommend that organizations ensure their vendor is effectively fighting image spam and, depending on the size of the enterprise, consider adding another SMTP gateway.

— Dan Kaplan