Image spam has been about for many years, having spurts of popularity when spam filters get good at detecting normal types of spam. Each resurgence has seen image spam increase in complexity. To try to understand image spam, I started talking to the people at Red Condor, a well-known spam filtering service.
Brien Voorhees, one of the founders of Red Condor, was kind enough to answer my numerous questions. Let’s see what he has to say about image spam:
TechRepublic: I keep hearing about image spam and how spammers are using it to get past filters. What is image spam?
Voorhees: It’s a spam email where the spammer’s message or pitch is represented in an attached/embedded image instead of text. Often, the email will also have unrelated text in the body of the message to throw off filters, but the actual pitch will be in the image.
TechRepublic: Why is image spam so difficult to detect?
Voorhees: The purpose of spam is to get the user to take some kind of action, whether it’s clicking on a link to buy a product, calling a phone number, or replying to an email address. The spammer can randomize the content of their messages and where they come from, but it’s difficult to randomize the actual call to action.
Any kind of consistency in a spam campaign can be used by a filter to identify, target, and block the campaign. When the “call to action” is displayed visually, the computer can’t recognize it without computationally expensive Optical Character Recognition (OCR) processing. The images are almost always randomized to some degree to prevent OCR and also make each image unique.