Spam is a continually evolving threat. Randomized image spam is just the latest mutation in a long line of techniques used by
spammers to thwart the defenses put in place by the antispam community. What's different about image spam is that most traditional
antispam techniques have failed to offer an effective means to thwart it.
Consequently, the volume of image spam has increased. Because image-spam messages tend to be larger than traditional spam,
more network and disk use must be devoted to them. Understandably, this is an alarming turn of events, but there is no reason
to be overly concerned by the image-spam threat if you have the correct reactive solution in place at the edge of your network.
To combat image spam successfully, a product requires three capabilities. First, it must block unwanted messages as soon as
possible. The blocking system must use IP address-based reputation and SMTP behavior to decide whom to block and whom to let
through. The reputation system must understand how a particular sending IP address behaves in a global context and adapt in
real time to changes in sending behavior. Using these connection-management techniques, as much as 80% of inbound spam can
be stopped before it places a load on your network and e-mail systems.
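
A minimal sketch of the connection-time gate described above, added here as an illustration; it is not code from the article or from any product. The class name, score range, penalty weights, thresholds and 10-minute window are all assumptions, and the reputation feed is hypothetical.

```python
import time
from collections import defaultdict, deque

WINDOW = 600  # seconds of per-IP history kept (assumed value)
# Assumed penalty per observed SMTP behaviour; weights are illustrative.
PENALTY = {"rcpt_unknown": 0.5, "bad_helo": 1.0, "spam_verdict": 2.0}

class ReputationGate:
    """Decide at connect time, before DATA, whether to accept a sender."""

    def __init__(self, global_scores, now=time.time):
        # global_scores: ip -> score in [-10, 10] from a hypothetical
        # reputation feed; unknown senders start at a neutral 0.
        self.global_scores = global_scores
        self.events = defaultdict(deque)  # ip -> deque of (timestamp, kind)
        self.now = now

    def record(self, ip, kind):
        """Log one locally observed behaviour for this sending IP."""
        if kind not in PENALTY:
            raise ValueError(f"unknown behaviour: {kind}")
        self.events[ip].append((self.now(), kind))

    def score(self, ip):
        """Global reputation minus penalties seen inside the window."""
        q = self.events[ip]
        cutoff = self.now() - WINDOW
        while q and q[0][0] < cutoff:  # expire old behaviour
            q.popleft()
        return self.global_scores.get(ip, 0.0) - sum(PENALTY[k] for _, k in q)

    def decide(self, ip):
        s = self.score(ip)
        if s <= -5:
            return "reject"    # refuse the connection outright
        if s < 0:
            return "throttle"  # temporary failure / rate limit
        return "accept"

if __name__ == "__main__":
    # Constructed sample data (documentation-range addresses).
    gate = ReputationGate({"192.0.2.10": 6.0, "198.51.100.7": -8.0})
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, gate.decide(ip))
```

Because the decision uses only the peer address and behaviour already observed, it runs before any message body, image or otherwise, is transferred.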
Second, the product must identify suspected messages as spam. Systems that rely on lexical analysis of messages fall short,
because there is no consistent text in image-based spam. Systems that rely on matching similar messages throughout a collection
system also fall short, because no two image-spam messages are identical. In addition, some antispam mechanisms use optical
character recognition techniques to try to extract text from image-spam messages.