Q

Can simple antispam filters solve the image spam problem?

If your company has a problem with image spam, why not just filter it out? In this SearchSecurity.com Q&A, information security threat expert Ed Skoudis explains why filtering isn't the easy answer.

With the hype lately about image spam, I find myself wondering why companies don't just filter it out. How often does a legitimate message contain only an image? In business mail, I'd venture to say it should never happen. Even in personal mail, it's rare; people almost always include comments with the pictures they send around. Therefore, a simple rule filtering out messages lacking body text ought to take care of the problem, right?
Your suggestion is reasonable, but not a panacea. I receive a lot of spam that contains only image attachments. In fact, when searching through my antispam filter (a very un-scientific method of analysis), I estimate that about 5% of the spam I receive contains nothing more than an image. So, why not filter all images?

First, it's a distinct minority of all spam, and filtering puts a frustratingly small dent in the problem. Second, the bad guys can easily adapt and are already doing so. A few months ago, a lot of the pump-and-dump stock spam messages were purely images, but now spammers often append a bunch of gibberish words or random sentences to the email by placing them underneath the image. Third, traditional antispam solutions can detect image-based...

spam reasonably well, responding to hashes of the images themselves and the fact that they are spewed out in bulk. Rather than blocking image spam wholesale, we can catch it using traditional antispam filters. So, your idea of filtering them is a good one, but nothing that will put a major dent in the glut of spam.

More information:

  • Learn how IT pros are battling image spam.
  • Find out how well whitelists and blacklists can stop spam?
  • This was first published in December 2006
    This Content Component encountered an error

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close