Career scofflaws The Pirate Bay have just launched a new service called BayImg, which promises free, uncensored image hosting for any 'legal' image. This has certain implications for spam.
The Pirate Bay, for those of you who haven't been keeping up, run what they claim is the world's largest BitTorrent tracker, with pointers to many thousands of torrents that allow users to download whatever the torrent creators choose to serve up — which in practice usually means pirated MP3s and movies, plus a side-helping of porn. Depending on who you ask, they're either a criminal organization bent on starving honest artists and businessmen, or the saviors of humanity, striking a bold blow for freedom against the capitalist oppressors because information wants to be free, yo.
Personally, I think ... no, wait. I'm not going to go there. What The Pirate Bay does isn't relevant to the topic of spam, so I don't want to get sidetracked.
BayImg, on the other hand, is relevant. We've recently seen a new trend in image spam, where instead of embedding an actual image in the email, the spammer places a link to an image hosted on a web site. In some cases, the spammers reference websites hosted on a botnet-served domain of their own creation. In others, they make use of images hosted on a free image-hosting service.
After an initial honeymoon period the bigger image-hosting services, such as imageshack.us, started to terminate spam-linked images with remarkable speed. In fact, some of them were so fast that I suspected them of proactively monitoring images and preemptively terminating any that smelled of spam. Good for them, if so. But that left the smaller image-hosting services, of which there were more than I had ever dreamed. It actually started to look as if everyone on the planet who has enough programming skills to write a PHP file upload handler (or download one from somewhere) has at some point created their own free image-hosting service. Having created the service as part of some half-baked business venture that failed to pay off, they don't actually have any interest in policing what gets uploaded, so good luck trying to get a spammer's images taken down even if you can find a working contact address. About the only redeeming feature is that these orphaned children tend to be on sluggish connections and may even have bandwidth caps, rendering them less ideal for spam purposes.
Now we have BayImg, with its no-censorship promise, the technical strength of the Pirate Bay team behind it, and bandwidth and server space to spare. That whispering noise you can hear is the sound of all the spammers and virus-writers on the planet rubbing their hands in delight. If the basic platform isn't enough, consider that BayImg is going to have positive brand recognition. People will want to look at pictures with bayimg.com URLs, because they know that it's going to be stuff they want but probably shouldn't have (stolen music and movies, skanky porn, etc). A bayimg.com URL in a message will probably guarantee an increased click-thru rate.
So, while the paint is still wet on the BayImg storefront, I suggest that you might like to consider adding bayimg.com to your message body filters. If you administer a shared filter, the presence of a bayimg.com URL in a message body should be good for another point or two on the score. If you're maintaining your own filters, give serious thought to treating as spam any message that contains a URL referencing bayimg.com which doesn't come from a known sender.
It's sad to have to make this recommendation, because I do respect the faux-Voltairean I deplore what you have to say, but I will defend to the death your right to say it
position that The Pirate Bay offer up as the rationale for their new venture. There's unquestionably a need for a place where people can post documents that would otherwise be censored. Experience has shown that the big Internet companies can't be trusted not to knuckle under to whichever genocidal regime has their ear at the moment. If freedom of speech is to persist on the Internet then someone like The Pirate Bay, with their track record of shrugging off takedown attempts, may be the best qualified to provide some of the necessary machinery.
BayImg is actually an instance of a more general issue. Anything that is provided for free can and will be abused. Free webmail accounts, for example, have made it possible for many people to have reliable, easily-accessible email. They've also been a perfect gift to spammers and scammers of every stripe, who have an almost perfectly anonymous point of contact. Free web pages and blog-hosting are another example. On the one hand, they empower 'the little guy' in a way that is almost literally revolutionary. On the other, they're a made-to-measure solution for the needs of many spammers.
At the far end of that continuum, you have the open mail relay issue and John Gilmore — who runs an open relay as a point of principle. (Mr Gilmore has not yet, as far as I know, proposed that CPU cycles on his personal computer should be open to anyone who wants to use them because anything else would be censorship, but that's perhaps the real reductio ad absurdum of that position).
So would I advocate shutting down everything that's free on the Internet and imposing draconian restrictions on who can open a mail account or start a web page? Hell, no! And if we're on the related subject of anonymity, while private domain registrations may make spammers and scammers irritatingly untraceable, they also make it possible for me to run this site. If I had to put my own name and address on the domain registration, I'd be getting daily death threats (I know this for a fact because someone I partner with on the stock spam issue isn't anonymous and does get daily death threats) and seeing constant attacks against my other Internet projects. So free is good, and anonymous is good. Let's not change that.
So we come back to the starting point. BayImg is now here, and it's probably not going to go away (although I predict a positive firestorm of litigation in its future). It is potentially valuable and certainly exploitable and it has features that will render it more desirable to spammers than some comparable services. As such, it will be abused. If you're in the anti-spam game then you need to be aware of it and take appropriate measures — just as you're aware of free webmail services and have developed your own appropriate responses to those. That's all.
P.S. Note to The Pirate Bay: maybe you should add a CAPTCHA to the upload form. It doesn't stifle free expression, but it does make it just a little harder for spammers and virus-writers to abuse your system.