Spam is a continually evolving threat. Randomized image spam is just the latest mutation in a long line of techniques used by spammers to thwart the defenses put in place by the antispam community. What's different about image spam is that most traditional antispam techniques have failed to offer an effective means to thwart it.
Consequently, the volume of image spam has increased. Because image-spam messages tend to be larger than traditional spam, more network and disk use must be devoted to them. Understandably, this is an alarming turn of events, but there is no reason to be overly concerned by the image-spam threat if you have the correct reactive solution in place at the edge of your network.
To combat image spam successfully, a product requires three capabilities. First, it must block unwanted messages as soon as possible. The blocking system must use IP address-based reputation and SMTP behavior to decide whom to block and whom to let through. The reputation system must understand how a particular sending IP address behaves in a global context and adapt in real time to changes in sending behavior. Using these connection-management techniques, as much as 80% of inbound spam can be stopped before it places a load on your network and e-mail systems.
Second, the product must identify suspected messages as spam. Systems that rely on lexical analysis of messages fall short, because there is no consistent text in image-based spam. Systems that rely on matching similar messages throughout a collection system also fall short, because no two image-spam messages are identical.
Some antispam mechanisms also use optical character recognition techniques to try to extract text from image-spam messages. Unfortunately, the overhead and accuracy required render this solution ineffective for most companies. To be effective, an antispam solution must observe the behavior of message senders and the messages they send in a global context, identifying patterns of behavior for these senders and separating legitimate senders and messages from spammers and spam.
Finally, the product needs controls that allow users to select what they believe to be legitimate messages and those that are spam. No solution, however sophisticated, can stop 100% of spam without eventually stopping a piece of legitimate mail. An edge e-mail hygiene solution should allow users to manage the messages that have been identified as potential spam.
Comments (2)
Image SPAM removal in Outlook
By Anonymous on December 6, 2006, 2:03 am
Although I know my solution is incomplete because it generates false positives, I've created a macro in Outlook which checks the HTMLbodypart for the string cid:...
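The "cid:" check mentioned in the comment above, sketched in Python instead of an Outlook macro. This is an added example, not the commenter's code: the sample messages are constructed, and the function names and the 40-character cutoff are assumptions. It shows why the plain string match produces false positives and what a narrower variant looks like.

```python
import re
from email import message_from_string

CID_REF = re.compile(r"cid:([^\"'\s>]+)", re.I)
TAG = re.compile(r"<[^>]+>")
MAX_TEXT = 40  # assumed cutoff (characters of visible text), not from the article

def profile(raw):
    """Return (html, cid refs that resolve to attached images, visible text)."""
    html, image_ids = "", set()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            html += body.decode(part.get_content_charset() or "utf-8", "replace")
        elif part.get_content_maintype() == "image":
            image_ids.add((part.get("Content-ID") or "").strip("<> "))
    refs = set(CID_REF.findall(html)) & image_ids
    visible = " ".join(TAG.sub(" ", html).split())
    return html, refs, visible

def naive_flag(raw):
    """The check the comment describes: any 'cid:' string in the HTML body."""
    return "cid:" in profile(raw)[0].lower()

def image_only_flag(raw):
    """Narrower: an attached inline image is referenced and almost no text comes with it."""
    _, refs, visible = profile(raw)
    return bool(refs) and len(visible) < MAX_TEXT

def build(html, cid):
    """Constructed sample: multipart/related mail with one inline image part."""
    return (
        "From: sender@example.com\nSubject: sample\nMIME-Version: 1.0\n"
        'Content-Type: multipart/related; boundary="b"\n\n'
        "--b\nContent-Type: text/html; charset=utf-8\n\n" + html + "\n"
        "--b\nContent-Type: image/gif\nContent-ID: <" + cid + ">\n"
        "Content-Transfer-Encoding: base64\n\nAAAA\n--b--\n"  # placeholder image bytes
    )

IMAGE_SPAM = build('<html><body><img src="cid:x7f3@example"></body></html>',
                   "x7f3@example")
SIGNED_MAIL = build('<html><body><p>Hi Dana, the Q3 budget review moved to Thursday '
                    'at 10:00. Agenda attached.</p><img src="cid:logo@example">'
                    '</body></html>', "logo@example")

if __name__ == "__main__":
    for name, raw in (("image spam", IMAGE_SPAM), ("signed mail", SIGNED_MAIL)):
        print(name, "naive:", naive_flag(raw), "image-only:", image_only_flag(raw))
```

The narrower check is still a content heuristic; the article's argument is that sender behavior is the more durable signal.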
Image-based spam is not a nightmare facing enterprise networks
By Security on December 4, 2006, 9:32 am
Patrick Peterson, IronPort Systems, says image spam is a major issue. John Veizades of Mirapoint disagrees. Read what they have to say, then jump in with your comments...