Image spam
Encyclopedia
Image spam is a kind of E-mail spam
where the message text of the spam
is presented as a picture in an image file. When introduced by spammers most graphical E-mail client
software would render the image file by default, presenting the message image directly to the user, it was a highly effective at circumventing normal E-mail filtering software.
The basic rationale behind image spam is that it is difficult to detect using spam filtering software designed to detect patterns in text in the plain-text E-mail body. Attempts to filter text in image spam are easily defeated because optical character recognition
of text in image spam can be prevented using a variety of obfuscation
techniques which will not prevent the spam image from being read by human beings. This is the same phenomenon exploited by CAPTCHA
s, but put to the ends of spammers, rather than to deter their activity.
Obfuscation techniques can include:
Currently, the surest known countermeasure for image spam is to discard all messages containing images which do not appear to come from an already whitelisted E-mail address. However, this has the disadvantage that valid messages containing images from new correspondents must either be silently discarded, or that bogus "backscatter
" bounce messages must necessarily be generated to the reply-to addresses in junk mail messages, enabling denial-of-service attack
s by spammers, as well as a directory harvesting attack. Another common technique for image spam detection is to analyze what percentage of the email is actually an image, as image spam often contains very little text content.
Most mailers can also be configured to display pictures only when requested.
A compromise, used by Internet Explorer, is to present the e-mail without any images rendered, giving the user the option to show the images for this e-mail and optionally to whitelist the sender.
E-mail spam
Email spam, also known as junk email or unsolicited bulk email , is a subset of spam that involves nearly identical messages sent to numerous recipients by email. Definitions of spam usually include the aspects that email is unsolicited and sent in bulk. One subset of UBE is UCE...
where the message text of the spam
Spam
Spam may refer to:* Spam , a canned pork meat product* Spam , unsolicited or undesired electronic messages* E-mail spam, unsolicited or undesired email messages* "Spam" , a comedy sketch...
is presented as a picture in an image file. When introduced by spammers most graphical E-mail client
E-mail client
An email client, email reader, or more formally mail user agent , is a computer program used to manage a user's email.The term can refer to any system capable of accessing the user's email mailbox, regardless of it being a mail user agent, a relaying server, or a human typing on a terminal...
software would render the image file by default, presenting the message image directly to the user, it was a highly effective at circumventing normal E-mail filtering software.
The basic rationale behind image spam is that it is difficult to detect using spam filtering software designed to detect patterns in text in the plain-text E-mail body. Attempts to filter text in image spam are easily defeated because optical character recognition
Optical character recognition
Optical character recognition, usually abbreviated to OCR, is the mechanical or electronic translation of scanned images of handwritten, typewritten or printed text into machine-encoded text. It is widely used to convert books and documents into electronic files, to computerize a record-keeping...
of text in image spam can be prevented using a variety of obfuscation
Obfuscation
Obfuscation is the hiding of intended meaning in communication, making communication confusing, wilfully ambiguous, and harder to interpret.- Background :Obfuscation may be used for many purposes...
techniques which will not prevent the spam image from being read by human beings. This is the same phenomenon exploited by CAPTCHA
CAPTCHA
A CAPTCHA is a type of challenge-response test used in computing as an attempt to ensure that the response is generated by a person. The process usually involves one computer asking a user to complete a simple test which the computer is able to generate and grade...
s, but put to the ends of spammers, rather than to deter their activity.
Obfuscation techniques can include:
- Blurring of text outlines
- Construction of the image from multiple image layers assembled within an HTML e-mailHTML e-mailHTML email is the use of a subset of HTML to provide formatting and semantic markup capabilities in email that are not available with plain text.Most graphical email clients support HTML email, and many default to it...
- Use of animated image formats
- Random noise added to the image (also known as confetti) to prevent the detection of multiple similar images using hash algorithms
Currently, the surest known countermeasure for image spam is to discard all messages containing images which do not appear to come from an already whitelisted E-mail address. However, this has the disadvantage that valid messages containing images from new correspondents must either be silently discarded, or that bogus "backscatter
Backscatter (e-mail)
Backscatter is incorrect automated bounce messages sent by mail servers, typically as a side effect of incoming spam....
" bounce messages must necessarily be generated to the reply-to addresses in junk mail messages, enabling denial-of-service attack
Denial-of-service attack
A denial-of-service attack or distributed denial-of-service attack is an attempt to make a computer resource unavailable to its intended users...
s by spammers, as well as a directory harvesting attack. Another common technique for image spam detection is to analyze what percentage of the email is actually an image, as image spam often contains very little text content.
Most mailers can also be configured to display pictures only when requested.
A compromise, used by Internet Explorer, is to present the e-mail without any images rendered, giving the user the option to show the images for this e-mail and optionally to whitelist the sender.