Image spam outbreaks cause major headaches for mail administrators and end users alike. But what are the effects of image spam outbreaks on bandwidth consumption? Granted, we would expect bandwidth consumption to rise, but by how much?
Typically, image spam represents a baseline of 15% – 20% of all spam. However during significant image spam outbreaks, it can account for as much as 30% to 35% of all spam.
The average message size for a spam message typically sits at around 5KB. If the percentage of image spam increases to 35%, then the average message size will be expected to jump to more than 12KB. Couple this with the fact that image spam outbreaks typically occur on top of baseline spam volumes, and there is a serious bandwidth problem in the making. The net result is that bandwidth consumed by spam can easily triple during a major outbreak
In addition, the increased average message size will cause significant extra overhead in server processing time and capacity required for storage.
Let’s take a hypothetical example to highlight just how serious this problem can be. A mail server receives 100,000 spam messages per day, with a baseline rate of 15% image spam and an average spam message size of 5K. A large-scale image spam outbreak occurs resulting in the following changes to the baseline spam stats:
|
Before Image spam outbreak |
|
|
Percentage of Image spam |
15% |
|
Average Message size: |
5KB |
|
Spam Volume: |
100,000 per day |
|
Daily spam Bandwidth |
500MB |
|
After Image spam outbreak |
|
|
Percentage of Image spam |
35% |
|
Average Message size: |
12KB |
|
Spam Volume: |
130,000 per day |
|
Daily spam Bandwidth |
1560MB |
There is now a cascading series of problems:
- Because of the combination of increased volume and average message size, the bandwidth requirements have trebled.
- Due to the larger average message size each SMTP receiving thread is held open for longer – couple this with the increased number of messages – we now have a significantly larger load on the SMTP service. This significantly increases the chance of all incoming SMTP threads being used up, resulting in a Denial of Service scenario.
- The larger message size and increased number of messages will also increase the storage and processing requirements on the mail server.
The best way to mitigate the effects of image spam is to reject as much of it as possible at the periphery. Where possible, try to reject the messages before they are even received, at SMTP connection time. For image spam that gets past this initial line of defense, utilize effective spam filtering to keep this troublesome garbage away from your mail server.
