Scott Weiss, founder and CEO of communications security company IronPort likens spammers to dumb, aggressive dogs. Now the anti-spam industry is picking up on new attacks, such as image spam.
After years of spam volumes declining, 2006 saw a significant increase in the amount of junk headed for in-boxes. Weiss believes that the rise in volume is because "more people are getting into the business, and the people that are in the business realize spam's a money-maker".
"People have a profit motive to get into that business; it's not just for fun, now you can really make some money. It's a team-on-team sport, antispam vendors try to field the best team and come up with defences but the reality is these guys have test accounts on every major ISP; they're like a dog with a zap collar, they keep trying the fence until they find a weakness and pound it unmercifully.
"The weakness last year was image spam, which was really a difficult problem to solve. These guys figured out they could send an image and by randomizing a pixel they could make it through traditional spam filters.
"But it's like airport security - we weren't having people take their shoes off until Richard Reid tried to blow one of his shoes up. We didn't have to check our water, then someone figures out you can combine two liquids and make a bomb out of that, too.
"Spammers are innovative, and we've got to stay on top of them. When we see something new or different, we've got to plug that hole immediately. Things like when spammers figured out this past year that many spam filters rely on humans to write rules, and humans have to sleep and don't typically work on Sunday nights, so they send all their spam between 2 and 4am, in a very short window, and it just zipped past all these folks. We see innovation with the spammers and we have to innovate as well.
"Spammer tricks are amusing. For example, putting fake text in a message from books that might be Homer's Odyssey. Anti-spam engines put a score on how spammy each email is, if it has capital letters, if it has a link, there are many different vectors when trying to determine [spam].
"One of my favourites is when the spammers put things into messages to improve their scores- to hoodwink the filters. It's like dressing up in a disguise to get through airport security: 'If I'm dressed as a police officer, maybe they won't shake me down so much.'
Go to Network World to read all of Senior Editor Cara Garretson's interview with ironPort's Scott Weiss.