Thursday, August 2, 2012

Yahoo is currently the worst Spam sender

Currently we see massive Spam outbreaks from within the Yahoo network. Nearly 3 of 4 Spam mails hitting our spam traps originate from Yahoo.
The numbers do only count the spam trap hits by real MTAs (Mail Transfer Agents) and explicitly exclude any dynamic IP range or customer associated IPs.

So the numbers don't show spam bot activity but abused mail accounts or abused customer's mail servers.
The numbers are taken from July 25th 2012 to August 2nd 2012. On the diagram you can see the TOP 30 companies sending unsolicited mail plus "Others" which include all the other MTAs hitting the traps. The total number of underlying Spam mails is 82,500.
According to millions of spam mails via spam bots per day, the number 82,500 for a whole week sounds very small. But current anti spam technologies (RBLs, Greylisting) cope very well with spam bot activities. MTAs of the big email senders and server hosters aren't blocked by RBLs and they also bypass Greylisting. Due to these facts spammers try to take control over somebody other's mail account and use that to send spam. Alternatively they create their own mail accounts, rent servers or cloud based CPU hours.

The diagram above shows very well which company is able to either avoid abuse, recognize abuse, handle abuse or ignore abuse. You can draw the conclusions...

Edit 23:05 CEST:
I'm so sorry for my incomplete research. But "Inktomi" with ASN 14778
is now also known as "Yahoo!". So it must read more than 3 of 4 spam mails come from Yahoo!

No comments: