Do email spam filters scan image content and QR codes?

9 Marketer opinions 5 Expert opinions 4 Technical articles 5 Resources

Summary

Email spam filters actively scan image content and QR codes using various methods, including OCR to detect suspicious text and patterns. While sophisticated, effective image scanning is resource-intensive, and the level of analysis can vary based on factors like DMARC passing status. Filters look for suspicious content, malicious code, policy violations, high image-to-text ratios, and problematic QR codes. Optimizing images, using descriptive alt text, balancing text and images, using QR codes carefully, and avoiding malicious content are essential for deliverability. Spammers historically used images to bypass filters, but modern OCR technology counteracts this, flagging such attempts.

Key findings

Image Scanning is Common: Various email platforms like Gmail and Exchange Online actively scan images.
OCR is Used: Optical Character Recognition (OCR) is used to analyze images for text.
QR Codes are Suspect: QR codes can be red flags, particularly if linking to unfamiliar or suspicious domains.
Alt Text is Important: Descriptive alt text is crucial; missing or irrelevant alt text can trigger spam filters.
Image Size Matters: Large image sizes can negatively impact deliverability.
DMARC Impact: Emails that are DMARC compliant are less likely to be scrutinised.

Key considerations

Optimize Images: Optimize images for size and resolution to avoid triggering spam filters.
Use Alt Text: Use descriptive and relevant alt text for all images.
Balance Text and Images: Maintain a balance of text and images to avoid being flagged as spam.
Use QR Codes Carefully: Use QR codes sparingly, ensuring they link to reputable sites.
Avoid Malicious Content: Ensure images don't contain malicious code or violate email service provider policies.
Watch Image-to-Text Ratio: Be mindful of the image-to-text ratio, as high ratios can raise suspicion.

What email marketers say
9Marketer opinions

Email spam filters actively scan image content and QR codes, employing techniques like OCR to detect suspicious text and patterns within images. While images were once used to bypass text-based filters, modern filters now scrutinize them closely. QR codes, especially those linking to unfamiliar domains, can also raise red flags. Factors such as image size, the presence and relevance of alt text, and the overall balance of text and images in an email impact deliverability.

Key opinions

Image Scanning: Spam filters scan images for suspicious content and patterns.
QR Code Scrutiny: QR codes in emails can be a red flag, particularly if linking to unfamiliar domains.
OCR Technology: OCR (Optical Character Recognition) is used to analyze text embedded within images.
Alt Text Importance: Descriptive alt text is crucial; missing or irrelevant alt text can trigger spam filters.
Image Size Impact: Large image sizes can negatively impact deliverability.

Key considerations

Optimize Images: Optimize images for size and resolution to avoid triggering spam filters.
Use Alt Text: Use descriptive and relevant alt text for all images.
Balance Text and Images: Maintain a balance of text and images to avoid being flagged as spam.
QR Code Caution: Use QR codes sparingly, ensuring they link to reputable sites.
Reputable Links: Ensure all links, including those within QR codes, lead to reputable domains.

Marketer view

Email marketer from Email Geeks shares that Proofpoint does QR analysis.

October 2022 - Email Geeks

Marketer view

Email marketer from EmailOctopus explains that using descriptive alt text for images is crucial. Spam filters often look for missing or irrelevant alt text as a sign of spam.

November 2023 - EmailOctopus

Marketer view

Email marketer from Mailjet shares that while text is heavily scrutinized, images are also scanned for suspicious elements. They recommend optimizing images and using alt text.

April 2022 - Mailjet

Marketer view

Email marketer from Moosend responds that QR codes can be a red flag for spam filters, especially if they link to unfamiliar or suspicious domains. They recommend using QR codes sparingly and ensuring they link to reputable sites.

July 2024 - Moosend

Marketer view

Email marketer from Litmus shares that large image sizes can trigger spam filters. Optimizing images for size and resolution is essential for deliverability.

September 2023 - Litmus

Marketer view

Email marketer from StackOverflow explains that Spamassassin does check images.

January 2025 - StackOverflow

Marketer view

Email marketer from Reddit explains that using images instead of text to by-pass spam filters doesn't work any more - OCR is used now so it will likely trigger.

February 2023 - Reddit

Marketer view

Email marketer from Sender.net answers that spammers sometimes embed entire messages as images to bypass text-based filters. They suggest using a balance of text and images.

August 2024 - Sender.net

Marketer view

Email marketer from Reddit says to be careful embedding QR codes as links in emails - spam filters flag these as suspicious and can be detrimental to sending reputation.

April 2024 - Reddit

What the experts say
5Expert opinions

Email spam filters do scan images, using various methods, including OCR to detect text. However, in cases of DMARC passing emails from known entities with high mail volume, in-depth content analysis is less likely. While effective image scanning is computationally expensive, filters look for suspicious text, high image-to-text ratios, and the presence of QR codes, which can be considered suspicious. Spammers have used image-based spam to evade filters, but modern filters use OCR to counteract this.

Key opinions

Image Scanning Occurs: Email spam filters scan images using various methods.
OCR Usage: OCR (Optical Character Recognition) is used to detect text within images.
DMARC Impact: DMARC passing emails from known entities might receive less in-depth content analysis.
Scanning Cost: Effective image scanning can be computationally expensive.
QR Code Suspicion: The presence of QR codes can be considered suspicious.

Key considerations

Monitor Image-to-Text Ratio: Be aware that filters might flag messages with high image-to-text ratios.
Use QR Codes Carefully: Use QR codes cautiously, as their presence can raise suspicion.
Understand DMARC Implications: Consider that DMARC passing status may influence the level of content analysis performed.
Be Aware of OCR: Understand that OCR is used to detect text within images, so avoid embedding spammy text.

Expert view

Expert from Spam Resource explains that spammers have employed image-based spam, embedding text within images to evade traditional text-based filters; however, modern spam filters utilize OCR to analyze these images.

January 2025 - Spam Resource

Expert view

Expert from Email Geeks explains that scanning images in any useful way is fairly expensive.

January 2025 - Email Geeks

Expert view

Expert from Email Geeks explains that if the mail is DMARC passing from a known entity with an incredibly high one-off volume of mail, they're unlikely to do a lot of analysis on content.

March 2025 - Email Geeks

Expert view

Expert from Word to the Wise explains that some filters look for text within images using OCR and can flag messages if the text is suspicious or if the image-to-text ratio is too high. Also adding that including a QR code is pretty suspicious

September 2023 - Word to the Wise

Expert view

Expert from Email Geeks explains images are scanned for various things and in various ways.

March 2021 - Email Geeks

What the documentation says
4Technical articles

Various email platforms like Gmail and Exchange Online actively scan images for suspicious content, malicious code, and policy violations, aiding in spam and malware detection. Advanced spam filters, as highlighted by Spamhaus, utilize OCR (Optical Character Recognition) to analyze images for embedded text, identifying potential spam indicators. Apache's Spamassassin can also be configured to perform image checks using OCR, extending the capability to scan images for content.

Key findings

Gmail Image Analysis: Gmail's spam filters analyze images for suspicious content, including embedded text and unusual patterns.
Microsoft Exchange Protection: Exchange Online Protection scans images for malicious code and content that violates their policies.
Spamhaus OCR: Advanced spam filters use Optical Character Recognition (OCR) to analyze images for text content.
Spamassassin Configuration: Spamassassin can be configured to check images using OCR.

Key considerations

Image Content: Ensure images don't contain suspicious or misleading content.
Avoid Malicious Code: Verify images are free from malicious code to prevent malware filtering.
Review Policy Compliance: Confirm images comply with the policies of email service providers.
Configure Spamassassin: Consider configuring Spamassassin with OCR for enhanced image analysis.

Technical article

Documentation from Apache explains that it is possible to configure Spamassassin to check images using OCR.

August 2021 - Apache

Technical article

Documentation from Spamhaus indicates that advanced spam filters use optical character recognition (OCR) to analyze images for text content and identify potential spam indicators.

September 2022 - Spamhaus

Technical article

Documentation from Microsoft Learn indicates that Exchange Online Protection scans images for malicious code and content that violates their policies, contributing to spam and malware filtering.

August 2023 - Microsoft Learn

Technical article

Documentation from Google Workspace Admin Help explains that Gmail's spam filters analyze images for suspicious content, including embedded text and unusual patterns, contributing to overall spam detection.

May 2022 - Google Workspace Admin Help

Malicious QR Codes: How big of a problem is it, really?

QR codes are disproportionately effective at bypassing most anti-spam filters. Talos discovered two effective methods for defanging malicious QR codes, a necessary step to make them safe for consumption.

Cisco Talos Blog

60% of Emails with QR Codes Classified as Spam or Malicious ...

60% of QR code emails are spam according findings from Cisco Talos, who also identified attackers using QR code art to bypass security filters

Infosecurity Magazine

Quishing: What you need to know about QR code email attacks ...

Quishing attacks allow bad actors to launch email campaigns that appear to have legitimate QR codes. See examples of malicious QR codes that are commonly used by cybercriminals today.

Barrcuda Blog

QR Code Phishing Attacks: New Abnormal Capabilities… | Abnormal

Discover the risk of these image-based QR attacks and how Abnormal’s AI-native detection system protects you.

Abnormal

Quishing Triage: How to Investigate Suspicious QR Codes in Emails

Explore a comprehensive guide on quishing - phishing with QR codes, and dive into practical steps for investigating suspicious emails with embedded QR codes

Intezer

Are image-based emails a good practice, and what are the deliverability and accessibility implications?

Are image-only emails bad for deliverability?

Can images in emails cause them to go to spam?

Do images in email and PDF attachments affect email deliverability?

Do images in emails affect deliverability?

Do images in emails trigger spam filters and how does email fingerprinting work?