Spammers work on advanced spam methods to avoid that their spam messages land in automatic spam filters. It is a cat and mouse game. I would like to present some examples from my personal mail folder and analyze the latest image spam trends. Many spam filters concentrate their efforts on blacklists and the text that the spam mails contain. Spam that is not caught immediately will be caught in the future if the user marks that mail as spam. Language and keyword filters and white lists do their part and reduce spam and false positives.
Image spam on the other hand is on the rise because of several new spam techniques that make it pretty hard for the filters to automatically recognize spam.
The left image is an example of a typical image that appears in spam emails. The following techniques were used in this mail to bypass the spam filter. The first obvious element are random pixels that overshadow some part of the image. This is done to create random images which can bypass spam filters even though an image with the same information arrived before in your mailbox.
Other options to achieve a similar effect include using colors that look the same to the human eye but not to the computer, and randomizing processes to create unique images.
Some spammers use different layers for a set amount of pixels which makes it incredibly hard to to use hash values to determine spam images.
The last aspect of image based spam emails is random text that is copied before or – more often – after the image. The text itself has nothing to do with the intention of the spammer. It is solely used to simulate a normal mail with a set amount of neutral and positive words.
The image on the left shows another image that is often used to bypass spam filters. It uses random colors much like the previous image used random pixels that made the image unique.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
How to filter fake membership and e-card spam mailsFDF File Spam is on the rise
PDF Email Spam on the rise
best free anti spam software
Anti Spam Software Comodo AntiSpam
I guess the only way now is to bring the ‘manual’ way back into the picture. That is, physically deleting and getting rid of those spam. Nothing beats a human at doing it!
At MX Lab (www.mxlab.be) we use of course several techniques like OCR to identify and block image based spam. Not all image based spam are detected and the spammers tends to change the images quite fast to make some techniques less effective.
It is true that nothing beats the human way of doing it but this is very time consuming. It is possible if you only want to protect your own inbox but again, spam is getting on your system and you spend time in deleting it.
We use a very simple technique now and have implemented it just before delivery of emails towards the mailboxes. I can’t go too deep into details, spammers might read this also, but it keeps the emails with images for reviewing and also works with whitelisting.
The best way to beat spam is to stop playing the game.
I use spam assasin on my front end which catches 98-99% of my companies spam. The remaining 1-2% of mail gets treated to SpamLion (http://www.spamlion.com). SpamLion uses smart sender validation. A first time sender will recieve a challange mail to validate that they are a real person and not a spammer. Once they respond their email will go through to the users inbox. After that, they never have to validate again. Obviously a user can decide to block them. Users can also go through their personal quarantine and release items.
Some people do not like sender validation because they think it floods the internet with validation mails. If you set it up right and put spam assassin in front of it there is no problem. I have it setup so that an email address will only recieve a challenge mail once every 30 days so if a spammer is using it to send out millions of emails the mail address will never get bombarded. Also whenever a user sends out an email it gets automatically white-listed so a challenge mail is never sent.
After about 30 days most users stop checking the SpamLion quarantine as by this time their normal contacts have all been white-listed.
As a mail admin, I must say it is nice not to have to update my rules with the latest spelling of Viagra every week to keep spam out.