The 10 worst …

Spamhaus gave a bunch of us a preview of their new “Top 10 worst” (or should that be bottom 10?) lists at M3AAWG. These lists have now been released to the public.
The categories they’re measuring are:

Nothing really surprising there, but it’s nice to see the numbers.
I have to wonder if the listing of the top 10 spammers will change the minds of some of the anti-CASL folks. To listen to them, all the “real” spammers are criminals hiding overseas. But, according to Spamhaus, 6 of the top 10 spammers are in the US and two of the others are in Canada (albeit with Russian influence). Only two of the top 10 spammers are outside North America.
The other thing that surprised me about the top 10 spammers is that I recognize some of the names from names clients have mentioned to me as legitimate marketing partners and affiliates. These hard-core spammers, some of the worst in the world, convince real companies to pay them money to send mail. It’s great for the spammers: they get paid whether or not mail is delivered. In my experience, though, it’s not so great for their customers. Customers frequently end up dealing with major delivery problems, even for the mail they send directly.
Another thing worth discussing is the list of TLDs. These are the TLDs that have the highest ratio of spam domains compared to the total number of domains in the TLD; it’s not a list of TLDs with the most spam domains. I expect that award goes to .com. I do expect this to be a volatile list. Spammers are, at heart, cheap con artists. While they will spend money to try and get their mail through, they’ll also try to find a deal when they can. As TLDs run sales and offer incentives, they’re going to attract more spammers.
I have heard some folks managing the filters saying that the new and non-standard TLDs are treated as guilty until proven innocent. I think until the TLD owners figure out they need to actually pay attention to abuse it’s best to stick with the mainstream TLDs.

Related Posts

CASL botnet take down

The CRTC served its first ever warrant as part of an international botnet takedown. The warrant was to take down a C&C (command and control) server for Win32/Dorkbot. International efforts to take down C&C servers take a lot of effort and work and coordination. I’ve only ever heard stories from folks involved but the scale and work that goes into these take downs is amazing.
Bots are still a problem. Even if we manage to block 99% of the botnet mail out there people are still getting infected. Those infections spread and many of the newer bots steal passwords, banking credentials and other confidential information.
This kind of crime is hard to stop, though, because the internet makes it so easy to live in one country, have a business in a third, have a shell corp in a fourth, and have victims in none of those places. Law enforcement across the globe has had to work together and develop new protocols and new processes to make these kinds of takedowns work.
 


CBL issues

I started seeing some folks complain about false CBL listings a few hours ago. I’m now seeing the same folks saying the listings are being removed.
The symptoms look similar to what happened in November (mentioned here), but it appears the CBL team are on top of things and are working to rectify things quickly.


Increase in CBL listings

Update: As of Nov 24, 2015 11:18 Pacific, Spamhaus has rebuilt the zone and removed the broken entries. Expect the new data to propagate in 10 – 15 minutes. Delivery should be back to normal.
The CBL issued a statement, which I reposted for readers that find this post in the future. I think it’s important to remember there is a lot of malicious traffic out there and that malicious traffic affects all of us, even if we never see it.
Original Post from 10am Pacific on Nov 24
Mid-morning West Coast time, I started seeing an uptick in reports from many ESPs and marketers that they were getting listed on the XBL/CBL. Listings mentioned the Kelihos spambot.
