The tidal wave of unsolicited commercial email, or spam, ending up in user inboxes shows no sign of slowing. Estimates of just how much email is spam range anywhere from 66% to more than 90%, depending on who's counting. This translates into a lot of wasted bandwidth, wasted storage and lost productivity, as users struggle to separate legitimate emails from spam.
The dramatic increase of image spam has only made the problem worse. During 2006, 25% of unsolicited commercial email used images to deliver messages, up from less than 5% in 2005, according to email security vendor IronPort Systems Inc.
Image spam messages are typically made up of two parts: First, some random text intended to fool filters into thinking that the message is legitimate, and second, the actual advertising message in the form of an attached or imbedded image. Spammers count on the invisibility of their advertising message to the filter to allow it to slip through and end up in your users' mailboxes.
There is a definite cost to image spam. Messages containing images are larger than their text-only counterparts. The average size of a spam message in 2005 was just under 9 KB. By 2006, the average size jumped to 13 KB, thanks in part to image spam. This means transmitting and storing spam took up 40% more of an organization's bandwidth and storage capacity in 2006 than in 2005.
The battle between spammers and antispam vendors is like an arms race. For instance, some vendors have added optical character recognition (OCR) to their filtering products, allowing them to read the content of image spam to identify it before it hits user mailboxes. To counter this, some spammers have started adding background patterns or using distorted fonts in their images to make them unreadable by OCR programs but legible to email recipients.
So what is the security professional to do to keep the volume of spam in their users' inboxes as low as possible?
- Outsource the job to an antispam service provider.
Providers get to see and analyze much more spam than most people, and use their enhanced knowledge to benefit all of their customers.
- Use virus-scanning services
Most antispam vendors also provide other services such as virus scanning of inbound and outbound email, message archiving and disaster recovery. Combining an antispam solution with these types of services can help small and medium-sized businesses (SMBs) concentrate on core competencies instead of spam.
Another option is to flip the problem on its head. Rather than trying to exclude spam, some antispam products work by allowing only the delivery of messages from sources that have been verified as legitimate.
Spam Arrest from Spam Arrest LLC allows users to set up lists of valid email addresses and domains from which they expect to receive email. When an email arrives from an address or domain not contained on the "whitelist," Spam Arrest holds the message. It then replies to the sender with a link to a Web page, where they are asked to read and enter a verification code presented as an image (take that, image spammers!). The goal of this process is to verify that the email is being sent by a human, not a spambot, and the verification process has to be done only once.
Products like Spam Arrest have simplicity on their side. They eliminate the need to analyze each email and decide whether it is spam or not. New spammer techniques that bypass filters, then, don't affect their performance.
Whitelisting products do eliminate spam in inboxes. However, they also have some downsides. Some users are confused by the verification email. Because of the prevalence of phishing, other users may think the verification process is somehow trying to scam them out of personal information. Also, when signing up for new Web accounts that cause an email to be sent, users have to go to Spam Arrest's Web page to look for the "unverified" email and manually mark it OK to have it delivered. Users have to decide whether the benefits outweigh the drawbacks.
Image spam is just the latest escalation in the spam wars. As long as there is money in unsolicited commercial email, we can expect the spammers to continue to innovate their "product" and present new challenges to SMBs.
Al Berg, CISSP, CISM is director of information security at Liquidnet (www.liquidnet.com). Liquidnet is the leading electronic venue for institutional block equities trading. According to INC. magazine in 2004, Liquidnet was the fastest-growing, privately held financial services company in the U.S. and the fourth fastest-growing privately held company in the U.S. across all industries.
This was first published in February 2007