Everyone’s spam is unique

How much spam you get depends on three main things, how many spammers know (or guess) your email address, how good your spam filtering is, and of course, how active the spammers are.

A couple of years back I investigated how spam volumes varied depending on the first letter of your email address (comparing aardvark@example.com with zebra@example.com), with the variations almost certainly coming down to “guessability” (an email address of john@ is easier to guess than yvette@).

As to the impact of filtering, I investigated spam levels in the aftermath of the disabling of McColo — asking whether it was the easy-to-block spam that disappeared? The impact of that closure will have been different for different people, depending on the type (and relative effectiveness) of their spam filtering solution.

Just at the moment, as reported upon in some detail by Brian Krebs, we’re seeing a major reduction in activity. In particular, the closure of an affiliate system for pharmacy spam in September reduced global spam levels considerably, and since Christmas a number of major systems have practically disappeared.

I’ve had a look at spam data going back to January 2010 from my own email server, which handles email for a handful of domains, and that shows a different story!

It shows that spam was up in October … so the reduction didn’t affect how many of the spam emails came to me, just how many “me’s” there were worldwide. Levels have been below the yearly average for much of December, but I am seeing most (but not all of) the dropoff since Christmas Day.

Click on the graph for an bigger version… and yes, the vertical axis is correct, I really do get up to 60,000 spam emails a day, and of course none at all on the days when the server breaks altogether.

4 thoughts on “Everyone’s spam is unique

  1. I saw the same thing on Christmas Day and haven’t been able to figure out the cause. Good to see someone else with similar results! Here’s my graph of the change on my mail server: image

  2. I’ve noticed that a couple of spammy botnets seem to have been taken down recently. What may have happened, if they weren’t taken out somehow, is they just changed tactics and decided that spam was a waste of bot resources. Anyway for whatever reason inbound attempts to connect to port 25 seem to be down recently.

    The only uptick was the new conficker/storm/waledac variant. That did spam for a while over the New Year but now that seems to have had all its domains taken away from it so I guess it is dead now

  3. The obvious reason why spam went down after Christmas is that a lot of people got new computers on that day, which took malware-infested computers offline.

    It stands to reason that a disproportionate amount of replaced computers were crippled by malware. That’s especially true during a slow economic cycle, as people are less likely to upgrade a computer that is working normally.

    Spam levels will go back up as the new computers get infected.

  4. A few years back I received a pyramid email asking me to join a “mailing list” where physical postal addresses were also used. I checked these addresses on Google maps to confirm that they were real; doing so proved just that. Instructions on how to join the “list” were also included, along with the line “buy an e-mall list CD from somewhere online, these cost about £35, but I would get a return of at least £200,000”. This assumed that I sent £1 to the first address on the list. When you got to the top of the list, that’s when you start making money. The list of addresses being the “mailing list” The rest of the message was simply “Please add me to your mailing list” What I was supposed to do then was add my postal address to the e-mail then removing the first postal address and forward it to the e-mail addresses on the CD. If the pyramid was broken, it stated that it did not matter; it wasn’t for everyone. There would be plenty of opportunity for others to profit from it. Needless to say I thought that this was full of holes and I decided not to take part in it.

Leave a Reply

Your email address will not be published. Required fields are marked *