Goodbye Text Spams, Hello Image Spams

Some observations based on examination of spams I've received over the past few weeks:

  1. most of the spams are still text-based.
  2. most of text-based spams are successfully deflected by text-based spam filters.
  3. most of the image spams are getting through.
  4. most of the image spams are coming from foreign countries.
  5. there are only a handful of image-based spamming operations currently active.

#5 is based on the number of image spam style and content. While it's possible that relative small number of variations can be attributed to use of canned image spam generators, I think this is unlikely given that relatively low volume suggests that image-based spamming is still in early-adopter phase.
Because image spams are typically loaded with mundane words and phrases, Bayesian spam filters are ineffective against image spams. Even worse, the combination of image spams and manual spam classification (users clicking on junk/spam buttons) can potentially increase false positives. What we need are spam filters that analyze embedded images and content structure.
Image-based spams need to display mainly textual information and, currently, image spammers are using a single large rendered image of spam text. Image analysis should be able to detect fairly reliably. Of course, this will spark another arms race of sort. Next step up for spammers is to apply image obfuscation techniques as well as break up the spam image into many small ones. After that, they could try to build the textual image out of many layers of seemingly innocent images or build pseudo-images using HTML. While spammers will have a lot of fun coming up with new ways to get past spam image detection schemes, I think they'll have a more difficult time avoiding deviation from typical message structures.
Anyway, it'll take more time and pain before engineers come up with reasonably good image spam filters. So we'll have to either endure or reroute our mail through spam filtering services.

Advertisements