Start New Discussion within our Hardware and Software Community

If there is one thing that everybody can agree it is that spam is a right royal pain the ass. If there is another then it is that image spam is the biggest pain in the ass of all. While it is bad enough for the end user, especially at the smaller end of the scale where desktop filtering clients are the order of the day because there isn’t the budget to support enterprise grade server side solutions, the real victims are the service providers. Think about it, these guys are getting hit by an enormous volume of unwanted traffic, saturating bandwidth and costing them not inconsiderable amounts of money.

Which is why you should not be surprised to learn that one of the latest breakthrough developments in the fight against image spam has not emerged from the research labs of some security vendor or one of the big names in the established anti-spam game, but rather it is a web hosting company that is making that announcement this week. STRATO is one of the larger pan-European web hosts, and has been collaborating on its picture spam filtering technology with the boffins at the Institute of Computer Technology at the Humboldt University in Berlin since as far back as 2005.

“STRATO handles over two billion E-mails per month which illustrates the extent of current E-mail traffic” Rene Wienholtz, STRATO CTO told me, continuing “spam senders are exploiting the fact that picture spam is a relatively new phenomenon and there are few solutions on the market able to tackle the problem effectively.” As a result, according to STRATO figures at least (and borne out by the experience of most of us I would hazard to guess) the overall amount of spam traffic has risen from 75% by volume of all email, to more than 90% in the course of the last three months alone.

So what does the STRATO picture spam filter do to plug the flood? The answer is that it uses a new technique called fingerprinting that was developed in collaboration with Professor Scheffer, a computer science expert now working for the renowned Max-Planck-Institute who told me that “no single spam picture is identical to another and the perpetrators of spam automatically create millions of variations of their spam E-mail, which differ in some details but appear identical on screen. Fingerprinting allows picture spam to be identified via similar characteristics. Without Fingerprinting, each individual picture would need to be analyzed which is an impossible task”.

Impossible task indeed, which is why I am really rather quite excited by this breakthrough even though I don’t use the STRATO hosting services. The chances are that the technology can be licensed for use by others, or at least I hope so, and we can kiss this image spam nuisance goodbye at last. The technology itself is interesting as well, because it relies upon the pictures contained within a ‘spam-wave’ leaving an individual fingerprint which can be detected by the system and filter out mass-mailed picture spam in one fell swoop. Corresponding fingerprints can be generated by color distribution, for example a certain color percentage in a specific tone, or by the composition or structure of the individual graphics. If similar, these characteristics will reveal a common sender or identical content.

Wienholtz concludes: “STRATO reliably delivers desired E-mails and our spam filters make the junk folder obsolete, meaning time is not wasted sifting through the junk folder in the search for wanted emails. Spam senders are constantly working to outsmart filters, but at STRATO we constantly develop our systems to join them. We are currently working to develop a filter which will learn from the spam senders’ tactics and develop the corresponding countermeasures to stay a step ahead of them. This is made possible by self-improving algorithms, a method whereby a new type of picture spam is recognized and then added to the filter’s repertoire, so no mistake is repeated. Programmers try to anticipate the spam senders next moves and write the algorithms accordingly using Game theory, a type of mathematical chess game. Our aim is to detect tomorrow’s spam, today”.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

The article starter has earned a lot of community kudos, and such articles offer a bounty for quality replies.