Strange Spam?

Terry Zink has been talking about some strange trends in spam over the last week. The newest trend is image spam in the form of text. Don’t get it? Neither does Terry. Here are her theories:

  • These are newbie spammers who haven’t figured out how to embed their spam in images yet but have heard great things from others who have done it.
  • Spammers have some broken spamware.
  • It’s deliberate – spammers are mixing things up. They may have stopped having as much success with their image spam so they are going old-school back to plain old text spam. They are testing to see if this gets through filters any better.

She suggests,

If it is point 3, I would say that it’s clever but probably not going to help very much. Spam filters build layers of protection on top of previous layers; previous layers are not stripped away when new ones are introduced. I am wondering just what they are up to, however. Stock spam is a problem but clearly spammers have figured out that sending stuff in images works (that is, it appears to work). To revert back to an older technique is unusual.

Here at Architel we are working on various solutions to reduce the number of spam messages our IT support clients receive. Our current hosted spam system is doing a bang-up job, but it is being stressed to the breaking point. We are resolving the scaling issue by adding additional servers to balance the load. It is also missing a lot of messages (so is everyone else), and we are working on using the collective intelligence of our 3,000+ users to try to make our system smarter.

One method we are exploring is the use of each client’s monitoring server as an auto-whitelist. Any recipient of an email from the client’s network would be auto-whitelisted for that client. The list of ‘good addresses’ would be stored on the client’s monitoring server. This list would then be sent to our servers to create an off-white list, to which each of our clients would contribute. While the good address would be auto-whitelisted at the client’s site, the address would be scored lower (i.e., a lower score means the message can get in). This, of course, is in addition to our other methods currently in use.
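A sketch of the two-tier list described above, added here as an illustration and not Architel's own code. The score values, threshold, function names and the `sender_authenticated` flag (standing in for whatever sender verification the filter already performs) are all assumptions.

```python
from collections import defaultdict

SPAM_THRESHOLD = 5.0      # assumed: scores at or above this are rejected
OFFWHITE_DISCOUNT = 3.0   # assumed: score reduction for off-white senders

# Constructed sample: (client, recipient) pairs seen in each client's outbound mail.
OUTBOUND_LOG = [
    ("client-a", "Vendor@Example.com"),
    ("client-a", "partner@example.org"),
    ("client-b", "vendor@example.com"),
]

def normalize(address):
    return address.strip().lower()

def build_client_whitelists(outbound_log):
    """Per-client auto-whitelist: every address that client has sent mail to."""
    lists = defaultdict(set)
    for client, recipient in outbound_log:
        lists[client].add(normalize(recipient))
    return dict(lists)

def build_offwhite_list(client_whitelists):
    """Shared off-white list: the union of every client's auto-whitelist."""
    shared = set()
    for addresses in client_whitelists.values():
        shared |= addresses
    return shared

def score_message(client, sender, content_score, whitelists, offwhite,
                  sender_authenticated=True):
    """Return (final_score, delivered) for one inbound message."""
    sender = normalize(sender)
    if not sender_authenticated:
        # A forgeable From address must not earn any list benefit.
        final = content_score
    elif sender in whitelists.get(client, set()):
        final = 0.0  # this client has written to the sender: always deliver
    elif sender in offwhite:
        # Known only to other clients: lower the score, do not bypass filtering.
        final = max(content_score - OFFWHITE_DISCOUNT, 0.0)
    else:
        final = content_score
    return final, final < SPAM_THRESHOLD

WHITELISTS = build_client_whitelists(OUTBOUND_LOG)
OFFWHITE = build_offwhite_list(WHITELISTS)
```

Because the off-white tier only subtracts from the content score, an address contributed by one client cannot push clearly spammy mail into another client's inboxes.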
