Image Spam on the Rise - Why is Image Spam So Successful?

To understand why image spam is so successful at dodging spam filters, you need to understand how conventional spam filters work. These filters analyze the content of emails, looking for certain suspicious words and phrases that are known to be associated with spammers, such as "penis enlargement," "Viagra," and "weight loss pills." Many filters are so good at this that they catch clever variations of those words as well (such as those that include misspellings, extra spaces, or unusual characters). These messages are flagged as suspicious and go into a junk folder.

The key point is that spam filters were created to deal with text messages. When they are confronted with an image, they often can't recognize it, even if it's only an image of text. So the spam filter spots nothing out of the ordinary and lets the message get through.

Actually, it's a little more complicated than that. Some spam filters grew clever enough to spot simple types of image spam. At that point, spammers came up with a fiendishly clever trick. They learned how to use a layer of text on top of a layer of a randomly generated background for each message. While humans can easily read the message and tell that it's spam, to a spam filter, each message is unique because of the changing background. Many image spam messages also vary the colors, picture sizes or font types to make them appear more like individual messages to the filters.

It makes sense that spammers would have figured this out right around the time that image spam spiked tremendously. Postini spokeswoman Catherine Leahy said that her company "attributes this increase to spammers testing the deliverability of image spam in early 2005 and realizing that many older spam filters are helpless when messages contain text to analyze, so the use of images helps get their spam received. Upon seeing the positive results, they converted much of their spam to image spam."

The real irony, which is not lost on the makers of spam filters, is that image spam turns a weapon of the computer security experts against them. You may have heard of CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) and even used it yourself. It's the acronym for a technique that prevents "spambots" - a type of automated web crawling program - from signing up for free services such as web hosting, email, and posting comments to blogs. It is even used to keep spambots from getting an email past a filter (in the case of SpamArrest's service, for example). CAPTCHAs show a sign-up form that displays an image of a distorted series of characters. Humans can figure them out, but spambots can't - for much the same reasons that conventional spam filters can't detect image spam.

Next: A Closer Look at Image Spam >>
 

More Web Hosting News Articles
More By Terri Wells