Learn Spam

By Baselinemag  |  Posted 2007-02-14

Businesses are finding new ways to block toxic Net gunk while also stopping data leaks.


Learn Spam's New Tricks

One of the most persistent—and annoying—e-mail threats is unwanted commercial e-mail. Between 75% and 90% of a typical organization's incoming e-mail is spam, says Gartner analyst Peter Firstbrook.

Cedars-Sinai's Brady wasn't seeing spam rates quite that high: About half of the 90,000 e-mail messages the hospital receives per day are spam, he estimates.

The hospital brought in Symantec's Brightmail antispam software to help stem the tide. Brady hasn't turned up the settings to be very restrictive because he doesn't want to risk junking a legitimate e-mail: "We have a very low tolerance for false positives."

But spammers invent new tricks to bypass spam filters. A new strain has surfaced within the last year called image spam, which consists of text pasted into an e-mail message as a picture. That way, an antispam filter looking for, say, a text string of "hot stock tips" in the body of an e-mail message would potentially let through an e-mail with "hot stock tips" included as part of an image.

Another trend: "literary spam," which includes sections of classic novels like Pride and Prejudice in an attempt to fool an antispam filter with what is hoped to be natural-sounding text.

At Mary Kay Inc., the $2.2 billion cosmetics distributor in Addison, Texas, senior technical engineer for messaging technology Daryl Smith was seeing about 40 million spam messages per month, sent to "marykay.com" e-mail addresses. The company, which sells its cosmetics through individual resellers, has about 650,000 registered e-mail addresses for its affiliate members. "We were just getting hammered by spam sent to marykay.com e-mail addresses," Smith recalls.

Mary Kay installed two pairs of Proofpoint anti-spam appliances, which protect 4,000 e-mail boxes at corporate headquarters and the 650,000 affiliate e-mail addresses. The appliances have cut the spam load with a variety of techniques, including this one: They automatically detect whether more than 70% of e-mail is originating from a single Internet Protocol address, and then throttle back the bandwidth Mary Kay's e-mail servers will accept from that address.
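The article gives only the 70% figure for this check. The sketch below is an added example, not Proofpoint's implementation, showing one way a mail gateway could flag a dominant sender over constructed connection records. The record format, the 10-second sliding window and the minimum sample size are assumptions.

```python
from collections import Counter, deque

SHARE_THRESHOLD = 0.70  # the 70% figure quoted in the article
WINDOW_SECONDS = 10     # assumption: length of the sliding window
MIN_MESSAGES = 10       # assumption: ignore windows too small to judge

def build_sample():
    """Constructed (epoch_second, source_ip) records; RFC 5737 addresses."""
    normal = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]
    events = [(t, normal[t % 3]) for t in range(30)]  # evenly mixed traffic
    for t in range(30, 60):                           # one sender floods
        events += [(t, "203.0.113.99")] * 4
        if t % 5 == 0:
            events.append((t, "192.0.2.10"))          # legitimate mail continues
    return events

def dominant_sources(events, window=WINDOW_SECONDS,
                     threshold=SHARE_THRESHOLD, min_messages=MIN_MESSAGES):
    """Return {ip: (first_flag_time, share)} for sources above the threshold."""
    recent, counts, flagged = deque(), Counter(), {}
    for ts, ip in sorted(events):
        recent.append((ts, ip))
        counts[ip] += 1
        # Drop records that have aged out of the window.
        while recent[0][0] <= ts - window:
            _, old_ip = recent.popleft()
            counts[old_ip] -= 1
            if counts[old_ip] == 0:
                del counts[old_ip]
        if len(recent) < min_messages:
            continue  # too little mail to call any single source dominant
        top_ip, top_count = counts.most_common(1)[0]
        share = top_count / len(recent)
        if share > threshold and top_ip not in flagged:
            flagged[top_ip] = (ts, round(share, 2))  # candidate for throttling
    return flagged

if __name__ == "__main__":
    for ip, (ts, share) in dominant_sources(build_sample()).items():
        print(f"t={ts}s throttle {ip}: {share:.0%} of mail in last {WINDOW_SECONDS}s")
```

The minimum sample size keeps a lone sender on a quiet link from being flagged just because it is the only source in the window.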

Still, Mary Kay has seen spam blast back up to old levels—more than doubling in the last 12 months—because of image-based spam, Smith says: "They've found ways to slip past our filters."

Matt Anderson, an analyst with The Radicati Group, says vendors have just started to deliver products that combat this type of spam by examining embedded images in a message for telltale signs that it's been crafted by a spammer. The image filters work, but their catch rates are only 75%, whereas effective rates need to be 90% or higher, he says.

A new tactic spammers are using is to break up an image into 20 small ones that fit together like a puzzle. That gets around many of the image filters, which examine all 20 images independently instead of the overall pattern. As Anderson says: "It's an ongoing cat-and-mouse game."

