Spamhaus gave a bunch of us a preview of their new “Top 10 worst” (or should that be bottom 10?) lists at M3AAWG. These lists have now been released to the public.
The categories they’re measuring are:
Nothing really surprising there, but it’s nice to see the numbers.
I have to wonder if the listing of the top 10 spammers will change the minds of some of the anti-CASL folks. To listen to them all the “real” spammers are criminals hiding over seas. But, according to Spamhaus, 6 of the top 10 spammers are in the US and two of the others are in Canada (albeit with Russian influence). Only two of the top 10 spammers are outside North America.
The other thing that surprised me about the top 10 spammers is that I recognize some of the names from names clients have mentioned to me as legitimate marketing partners and affiliates. These hard core spammers, some of the worst in the world, convince real companies to pay them money to send mail. It’s great for the spammers, they get paid whether or not mail is delivered. In my experience, though, it’s not so great for their customers though. Customers frequently end up dealing with major delivery problems, even for the mail the send directly.
Another thing worth discussing is the list of TLDs. This is TLDs that have the highest ratio of spam domains compared to the total number of domains in the TLD, it’s not a list of TLDs with the most spam domains. I expect that award goes to .com. I do expect this to be a volatile list. Spammers are, at heart, cheap con artists. While they will spend money to try and get their mail through, they’ll also try to find a deal when they can. As TLDs run sales and offer incentives, they’re going to attract more spammers.
I have heard some folks managing the filters saying that the new and non-standard TLDs are treated as guilty until proven innocent. I think until the TLD owners figure out they need to actually pay attention to abuse it’s best to stick with the mainstream TLDs.
We’ve been blacklisting all of the newer “junk” domains for more than a year. Have found it to be very effective in preventing end users from receiving from these TLDs and no complaints of missing or undelivered mail.
Thank you Laura for your insights (in your blog posts) and making this information available.
We have been blacklisting these “junk” domains (server side) for more than a year with no complaints from end users.
Thank you Laura for making this information available – including your other blog posts.