With recent significant increases in the volume of image spam and its associated escalating cost to businesses, there's no time like the present for companies to secure their infrastructures from this unwanted junk mail.

Potentially zapping businesses of both resources and money, image spammers are working quickly to devise new variants of spam. At the same time, vendors are creating products to insulate businesses from these insidious threats.

Image spam, or image e-mail, is essentially a message encoded in an image. It may appear as a picture of text or a picture of products. Today, image spam represents about 40 percent of all spam, up from less than five percent in 2005, according to Doug Bowers, senior director of engineering, messaging and web security at Symantec.

"Spammers are using image spam to avoid or sneak around spam filters that pass through text," he says, essentially upping the ante for security vendors and IT departments.

The biggest impact of image spam on companies is on productivity. "If the spam is successful in evading the filters, users are left to deal with unwanted e-mail which takes time to read and delete," Bowers says.

Up to 10 times as large as a text-based e-mail, image spam can also burden the corporate network infrastructure by eating up precious bandwidth. Storing image spam also taxes IT resources.

"Regulation-rich companies are responsible to keep e-mails that show up in their networks," says Matt Hartwell-Herrero, group product manager at Symantec. Together, companies are left with potential increases in hardware costs and network operation costs.

Spammers are generally considered to be among the most innovative people in the security industry today, as demonstrated by their use of both networks and image spam to evade antispam defenses, according to the Enterprise Strategy Group (ESG).

At the end of the day, image spam is more than an annoyance to businesses: it's disruptive, costly, and time consuming.

Wreaking Havoc
Ferris Research reports that over the past 24 months, the overall cost of spam doubled from approximately $50 billion worldwide in 2005 to an estimated $100 billion in 2007. In the U.S. alone, the cost of spam is estimated to increase from $19 billion in 2005 to $35 billion in 2007, according to Ferris. For businesses, these costs primarily result from:

• Productivity loss from inspecting and deleting spam that gets missed by spam control products (false negatives)
• Productivity loss from searching for legitimate e-mail deleted in error by spam control products (false positives)
• Operations and help desk costs

Looking at spam in general, and image spam in particular, it's clear that spammers have evolved from sending solicitations for the sale of goods to more dangerously motivated behavior such as crime and fraud. This trend became most evident in 2006 with the increase in spam images and associated stock "pump and dump" schemes.

In a nutshell, "pump and dump" scams involve a scammer who purchases a low cost stock, sends out millions of e-mail messages touting the stock and encouraging buyers, who as a result of their purchases, cause the stock price to rise and make the spammer money when he cashes out, turning a quick profit.

Because the spammer is using corporate resources to fuel his scam, this criminal activity is important to businesses. Think of it as hijacking or stealing a computer. A machine becomes infected with a trojan that sets up an application to send out spam. A command and control network tells the trojan where to send spam. The spam is propagated and grows by automated processes.

Layered Defense
A successful strategy for dealing with image spam is to deploy a layered defense.

"The goal for companies is to stop as much image spam as possible at the edge of the network, and then do a deeper analysis on e-mail that passes the first checkpoint," says Bowers.

Symantec Corp.'s Mail Security product line boasts that it can effectively remove 97 percent or more of received spam.

Symantec Mail Security 8100 Series, a traffic-shaping appliance, stops up to 80 percent of spam traffic at the edge of the network. That leaves as little as 20 percent to be handled by the Symantec Mail Security 8300 Series appliances, which is the next stop in a multi-layered mail infrastructure. The deeper content analysis that the 8300 is able to perform ensures that messages are properly classified and that use of networking and computing resources are maximized.

The Symantec Mail Security 8300 Series features integrated, best-of-breed antispam, antivirus, and content-filtering technologies to stop spam, viruses, and other e-mail-borne threats at the SMTP gateway. Users running the second-generation Version 5 software can take advantage of content filtering capabilities, incident management, and reporting, according to the company.

Powered by the Symantec Brightmail AntiSpam engine, the 8300 Series appliances deliver an antispam effectiveness rate of greater than 97 percent and a 99.9999 percent accuracy rate against false positives, according to ESG.

Symantec's Mail Security 8300 Series Appliance Software is one of several products included in the vendor's Information Foundation 2007 end-to-end solution for integrated information risk management for enterprise messaging and collaboration systems.

What should IT departments look for when shopping for an antispam product partner? ESG recommends the following:

• Effectiveness, or how well the anti-spam solution filters known spam. Preferable products are highly effective at identifying and keeping spam from reaching the mailboxes of end users.
• False positives, or overly aggressive antispam products that falsely classify and filter legitimate business e-mail as spam. A high rate of false positives can lead to the quarantining of important business correspondence and decreased productivity as end users scan filtered e-mail for legitimate messages.
• Responsiveness, or how proficient the vendor is at rapidly detecting new types of spam, pushing out updated filtering rules to the enterprise, and validating low false positive rates.
• Performance. Antispam solutions need to be able to handle high volumes of e-mail without requiring additional systems or incremental administrative overhead.

"A good anti-spam solution allows companies to reclaim their network resources," says Bowers. "Symantec has anti-spam products with the best combination of effectiveness and accuracy."