Messaging security vendor IronPort says its e-mail filters tuned to trap image spam – the latest spammer trick that’s made a significant increase in the amount of unwanted messages flooding in-boxes – are now reaching catch rates of as much as 98%.

IronPort currently deploys 17 antispam filters designed specifically to catch image spam, messages with text embedded in an image file that evade most spam filters because they can’t recognize the words inside the image. IronPort’s filters can inspect an image embedded in a message for text as well as for other clues that the message might be spam, says David Mayer, product manager with IronPort.

For example, in order to trick antispam products that make a signature of a known spam message and match that against new messages, spammers have begun "randomizing" image spam by adding a random dot to the background or compiling six or seven images into one large one, Mayer says. IronPort’s filters respond to this by examining images for such random changes or for compiled images that wouldn’t normally be found in a legitimate e-mail with an embedded image, he says.

IronPort updates its filters with new rules on a regular basis to keep up with the latest spamming tricks, Mayer says.

According to one user, the filters are working.

Cooper Industries, a manufacturer of electrical products and tools in Houston, was using IronPort’s e-mail security appliance with Symantec’s Brightmail antispam filters, which IronPort offers along with its own antispam filters that include the company’s Context Adaptive Scanning Engine (CASE). Cooper Industries’ IT department, which manages about 29,000 users on its network, a few months ago began getting complaints about spam.   

---