Spammers will increasingly use artificial intelligence tactics to get their junk delivered to email users, security experts have warned.
A Forrester Research report published this week theorises that the booming image spam pandemic is merely the tip of the iceberg when it comes to spammers' use of AI.
The only way to prevent a repeat of the image spam surge as new models using AI come to light will be for technology vendors and their customers to abandon the current filtering-heavy approach and instead battle the roots of the problem, Forrester analysts said.
While websites and anti-spam providers have used techniques such CAPTCHAs - the tests found in many web applications that ask users to type characters planted in obfuscated images - to beat the spambots, spammers will use AI to create seemingly endless variations on their message campaigns to circumvent filtering tools, the experts said in their report.
"The notion with CAPTCHA is that computer bots and other programs can't efficiently process the image, that they can't deduce the words in the image, and that's the same thing that spammers are doing today to defeat traditional filters," said Chenxi Wang, a co-author of the research.
"People have devised new filters that use technologies such as optical character recognition that has curtailed the spread of image spam," said Wang. "Unfortunately image spam is only one type of AI problem, and spammers have many they will use in the future; this only the beginning of an arms race."
Without a major breakthrough in AI research, Wang said, there is "no way we can bridge the gap", as spammers use new techniques to keep their schemes running.
Among the methods that spammers are already employing to beat image-filtering tools are spam campaigns that use distorted and obfuscated text images, graphic pictures, and audio and video files.
Fighting spammers over each type of content would be a losing battle, Wang said, recommending that users and technology providers instead focus on monitoring messages for fundamental properties, such as the links to malware sites that most of the emails carry.
"Vendors should look through brouhaha calling for them to defend against each type of image spam and build products that attempt to capture the fundamental properties of spam," said Wang. "They can use techniques such as intent analysis and URL reputation analysis; those factors won't change with each new type of campaign that's being invented."