Email servers strain under doubled spam load

, posted: 1-Nov-2006 15:30

If you have noticed a big increase in spam lately, you're not alone. My mail server is getting hammered by spammers, and half of Ihug's customers experienced a day-long delay in receiving email.

Much of the spam comes as images - that is, spammers make pictures, with the "sales pitch" text in them. Just about all the image spam I've seen is for illegal pump-n-dump penny stock scams, and they're getting through the spam filters.

I just got a press release from Secure Computing, which included the below chart that says image spam volumes have doubled lately:

Secure Computing

This is vendor supplied information, and should be treated with as such, but everything I've seen so far points to Secure Computing being right. Other sources such as McAfee reckon image spam makes up for around forty per cent of the total spam volume now.

Stopping this kind of spam is difficult, especially since some images are rendered dynamically according the text in them and thus vary in size. I've found some useful rules for Spam Assassin at but have yet to install FuzzyOCR, an optical character recognition plug in for SA. Having to use resource intensive OCR doesn't seem like the right way to go. I'm going to see if I can make use of pf's ability to fingerprint connections from specific operating systems, and firewall off say Windows desktop ones.

Have also heard that "greylisting", which temporarily defers reception of email, is effective here.

Image spam takes up more bandwidth than text-based stuff, which in turn may be one reason the Internet seems to be in go-slow mode at the moment. Haven't had any confirmation about this yet though, so pure speculation on my part.

Where does the spam come from then? Well, it could be your Windows box, compromised using for instance the recent SpamThru trojan horse. The recent spam-flood has been accompanied by many more trojans being emailed out to users as well, I note. Clearly, the spammers are seeking more recruits to their bot armies.

Other related posts:
Flickr targetted in new-style social phish/trojan attack

comments powered by Disqus


Google News search
IT News
PC World New Zealand
Computerworld NZ
PC World and Computerworld Australia
PC World US
Computerworld US
NZ Herald
Virus Bulletin

Content copyright © Juha Saarinen. If you wish to use the content of my blog on your site, please contact me for details. I'm usually happy to share my material as long as it's not for spamblogs and content farms. Please attribute with a link back to this blog. If you wish to advertise on my blog, please drop me an email to discuss the details.
Comments policy All comments posted on this blog are the copyright and responsibility of the submitters in question. Comments commercial and promotional in nature are not allowed. Please ensure that your comments are on topic and refrain from making personal remarks.