Spammers and hackers are turning to a new technique to defeat anti-spam appliances and, in some cases, knock email servers offline. A Spam Spike is an attack in which a domain's email servers are flooded with thousands upon thousands of messages over a prolonged period of time. The spike messages are typically image spam, which is expensive to classify, and the combination of image spam and high volume can quickly overwhelm a single, concentrated security appliance. Once the appliance saturates, the email server behind it is defenseless and can easily be knocked offline by the continued barrage. This is the curious part, though, because it seems to defeat the purpose of the attack, which is to spread spam and malware: once the mail server is offline, the spam is no longer being delivered. Which leads one to conclude that Spam Spikes are double-edged weapons. On the one hand, they can be used to overwhelm anti-spam appliances and get spam messages into inboxes. On the other, they can be used as a tool of malicious attack to bring down a mail server.
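The defining feature of a spike is a sudden, sustained jump in inbound volume, so the first thing an administrator wants is early warning from the mail logs. The following is an added example (not code from the original post or from any vendor) of a volume-spike detector: it buckets SMTP connection log lines by minute, compares each minute against the median of recent quiet minutes, and reports the flooding sources. The log format, the thresholds and the sample log lines are all constructed assumptions for the example. Because the spike is prolonged, the baseline deliberately excludes minutes already flagged, otherwise the barrage itself would raise the baseline and the detector would go quiet while the attack is still running.

```python
"""Added example: detect a spam spike from SMTP connection logs.

Assumptions (not from the original post): a simplified log line of the form
'YYYY-MM-DDTHH:MM:SS smtpd: connect from <ip>', a 60-second window, and a
spike threshold of 5x the median of the last three quiet windows (at least 20).
"""
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Simplified, constructed log format for the example.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) smtpd: connect from (?P<ip>[\d.]+)$"
)


def parse_lines(lines):
    """Return (timestamp, client_ip) tuples; lines that do not match are skipped."""
    events = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            events.append((datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S"),
                           m.group("ip")))
    return events


def bucket_by_minute(events):
    """Map each minute ('YYYY-MM-DDTHH:MM') to a Counter of connections per source IP."""
    buckets = defaultdict(Counter)
    for ts, ip in events:
        buckets[ts.strftime("%Y-%m-%dT%H:%M")][ip] += 1
    return dict(sorted(buckets.items()))


def detect_spikes(buckets, baseline_windows=3, factor=5.0, min_count=20):
    """Flag minutes whose volume exceeds factor * median of recent quiet minutes.

    Only minutes that were NOT flagged feed the baseline, so a prolonged flood
    stays flagged instead of becoming the new normal.
    """
    quiet = []   # connection counts of recent non-spike minutes
    alerts = []
    for minute, per_ip in buckets.items():
        total = sum(per_ip.values())
        if quiet:
            threshold = max(min_count, factor * statistics.median(quiet[-baseline_windows:]))
        else:
            threshold = min_count  # no history yet: fall back to an absolute floor
        if total > threshold:
            alerts.append({"minute": minute, "count": total, "threshold": threshold,
                           "top_sources": per_ip.most_common(3)})
        else:
            quiet.append(total)
    return alerts


def suspect_sources(alerts, min_windows=2):
    """IPs seen among the top sources in at least min_windows flagged minutes (blocklist candidates)."""
    seen = Counter()
    for alert in alerts:
        for ip, _ in alert["top_sources"]:
            seen[ip] += 1
    return sorted(ip for ip, n in seen.items() if n >= min_windows)


def make_sample_log():
    """Constructed sample: three quiet minutes, then a three-minute flood from five hosts."""
    lines = []
    normal_ips = ["203.0.113.5", "198.51.100.7", "192.0.2.9", "203.0.113.44"]
    for minute in range(3):
        for n in range(4):
            lines.append(f"2007-03-01T10:0{minute}:{n * 10:02d} smtpd: connect from {normal_ips[n]}")
    bot_ips = [f"198.51.100.{i}" for i in range(10, 15)]
    for minute in range(3, 6):
        for n in range(60):  # one connection per second, round-robin over the bot hosts
            lines.append(f"2007-03-01T10:0{minute}:{n:02d} smtpd: connect from {bot_ips[n % 5]}")
    return lines


if __name__ == "__main__":
    found = detect_spikes(bucket_by_minute(parse_lines(make_sample_log())))
    for a in found:
        print(a["minute"], a["count"], "connections (threshold", a["threshold"], ")", a["top_sources"])
    print("blocklist candidates:", suspect_sources(found))
```

On a real appliance the same idea applies to messages accepted per minute or to bytes of image attachments per minute; the point is to alarm on the sustained jump rather than on any single message, and to freeze the baseline once the spike begins.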
From our perspective, Spam Spikes seem to be an odd tool for spammers to employ, as they send out a loud signal over a prolonged period of time. Conventional wisdom holds that spammers are very reluctant to expose their botnets with loud attacks.
To protect against spam spikes (and for the best protection from email spam and viruses), administrators should consider trading their self-managed, concentrated, single-point-of-filtering, local network-attached hardware for a distributed, off-network filtering service. There are many reasons why we feel that a distributed, off-network filtering service is far superior. Relevant to this discussion, the managed service is far less likely to be overwhelmed by a spike, because there are multiple (in the case of our service, thousands of) filtering servers, and the flood is absorbed across them before any of it reaches the customer's mail server. With the concentrated, local hardware/software there is a single point of filtering, and thus both a bottleneck and a single point of failure: when it saturates, the mail server behind it takes the full barrage.