By Larry Seltzer  |  Posted 2006-11-06 Print this article Print

-Anti-Spam Spam"> But the most interesting factor, also from the "anti-anti-spam spam" department, is advances in image spam. Weve seen image spam for years, but its gotten much fancier. Incidentally, Borderware is expected to announce new technology next week related to fighting image spam.

You cant just block images in e-mail. (Well, technically you can, but people wouldnt stand for it.) So you have to figure out, somehow, which are the bad guys. There have been two basic methods employed: fingerprinting and OCR.

With fingerprinting you try to identify a specific graphic through some set of characteristics, perhaps as simple as a CRC of its contents, perhaps some more complicated pattern recognition. You can determine, even offline by human examination, if the graphic is spam, and then when another graphic with the same fingerprint shows up you block it.

The counter to this technique is actually pretty obvious: By modifying relatively few pixels in the graphic, say by changing the color slightly in every 10th pixel, you distort the fingerprint. Now introduce some randomization into that, by randomizing the pattern of changed pixels and the color shift, and fingerprinting becomes far more difficult. There are vendors working on solutions though, as well hear in the near future.

OCR works by attempting to "read" the characters out of the graphics. Its an old idea; a friend of mine got an OCR patent back in the mid-80s thats already expired. OCR works pretty well under stable, simple circumstances, like black block characters on white paper, but its not hard to make life difficult for an OCR algorithm.

Random dark clumps of pixels on the image create the analog of dirt on the paper. Or how about "speckling," in which patterns and color changes are inserted into the character drawing in the graphic?

Its not unlike a "captcha," one of those Turing tests you have to pass in order to sign up for a Yahoo Mail account or similar things. They take a dirty graphic and draw characters on it, often wavy and distorted characters. You can read them, but they are hard for a program to read.

Spam increases have also been blamed on "island hopping," a newly emerging delivery technique that preys on far-flung domain names. Click here to read more.

But wait, it gets worse. Spammers are taking advantage of GIF file features to make things even harder for anti-spam tools. The first technique is to use an animated GIF and to put the spam message on a second or subsequent and last image. Theres a good chance that anti-spam software will only examine the first image. There are also layered GIFs that allow you to place different characters of a message in layers and appear to the user to be a single flat image. But software that examines the image will not easily see the picture the user sees.

Its interesting that this latest flare-up in the spam war is costing both spammers and anti-spammers dearly. Its probably less of an issue for spammers because their costs are largely fixed and they offload much of the bandwidth and processing costs on to unsuspecting infected bot users. But anti-spammers are incurring much greater costs in processing and bandwidth.

Ive always been a fan of outsourced services like Postini for mail security, and its times like this that they really save your butt. Are your network and your mail security infrastructure ready for a 60 percent increase in spam? I suspect a lot of companies with underpowered appliances are losing mail from overloaded hardware these days. But Postini can handle it, and to the extent that it is effective in blocking the spam, you dont even see the increase in bandwidth, let alone the spam.

Of course, Postini is not perfect in blocking spam; nobody is, which means that it has to be going up for everyone. If your anti-spam system blocks 97 percent of spam and you get 1,000 spam messages a day, a 60 percent increase means 18 more spam messages getting through than before.

Some time ago I asked in a column, rhetorically, whether people would put up with spam as it approached 100 percent of the corpus of e-mail. According to Postini were at 91 percent and rising, and I have to ask again: How bad does it have to get? The truth is that it can get a lot worse than it is now before enough people contemplate really serious measures.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog. More from Larry Seltzer

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel