BorderWare MXtreme is an email firewall appliance that detects and filters 98% of all spam from email servers. Image spam is a technique where the spam message consists of an image and a small amount of text. The message looks like it is 100% text-based, when in fact it is an image that looks exactly like a regular email message. In addition, while all image spam messages may look the same to an end user, spammers have programs that automatically create each image with slightly different coloration, speckle patterns, or fonts. This causes messages to appear unique when received and processed by spam filters. The randomness of the images and the message contents makes image-based spam difficult to classify. Current filters used to prevent image spam, including OCR and fingerprinting, are not effective at protecting against today's image spam threats.
To help defeat these attacks, BorderWare developed Intercept™ Image Analysis, a new patent-pending technology. Intercept Image Analysis is an image classification technique to be used in addition to the existing and effective threat detection techniques, specifically to combat image spam.
Intercept Image Analysis inspects over thirty attributes of each image, including positions and relationships to other message characteristics. It is designed to adapt and learn about new image spam campaigns and to defeat known and emerging spam threats, including:
Word salads used to defeat content filters
Randomization and speckling used to evade bulk detection and fingerprinting
Tiling, splicing, and animated GIF images used to confuse OCR
BorderWare has designed Intercept Image Analysis to be used in addition to the existing and effective threat detection techniques including:
Sender Characteristics — Sender characteristics use information from BSN, block lists, behavioral analysis, and other features to determine the reputation of a sender.
Connection Characteristics — Connection characteristics use heuristic information about the connection to determine whether the connecting system is a potential spammer, a threat relay, or a mail server that an organization considers trustworthy to accept a message from.
Message Characteristics — Message characteristics use heuristic token analysis, dictionaries, URL blocklists, and other features to categorize an email message.