Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

Some patterns for spam in my inboxes

Some patterns for spam in my inboxes

  • Comments 7

I am lately seeing some odd patterns for spam in my various inboxes.

  • In my Frontbridge account, I regularly see spam from Gmail and never Hotmail.
  • In my Gmail account, I regularly see spam from Gmail but rarely anything else.
  • In my Yahoo account, I regularly see spam from Hotmail, but only rarely Gmail.

Those patterns are odd, I would have thought that they would have been evenly distributed.  Even more interesting is that I don't see much spam from Yahoo.

Leave a Comment
  • Please add 6 and 8 and type the answer here:
  • Post
  • PingBack from http://msdnrss.thecoderblogs.com/2008/01/27/some-patterns-for-spam-in-my-inboxes/

  • > spam from Gmail

    And did Google lie to you, asserting that Google's spam sending server isn't a Google machine?

  • They can run, but they can't hide.  I can read the email headers and the sending IPs confirm it's coming from Google.

  • I don't know what kind of volume you're seeing at these accounts, but chances are it's not really enough to make your observations statistically relevant...

       B. Johannessen <bob@db.org>

  • From Frontbridge mail, over the last six weeks:

    - Yahoo marked as spam 700,000 per day

    - Hotmail marked as spam 400,000 per day

    - Gmail marked as spam 60,000 per day

  • Well, I was talking about the volume at the three accounts in question ("my Frontbridge account", "my Gmail account" and "my Yahoo account") and suggesting that maybe your spam-volume for *those* accounts was too low to make your observations statistically relevant. Then again, I could be wrong :-)

    On a different note; do you have CIDR-ranges for Yahoo, Hotmail and Gmail? I'm trapping a little under 300.000 spam/week and it would be interesting to see how my numbers compare to yours...

       B. Johannessen <bob@db.org>

  • Oh, I see what you mean.  In that case, you're right.  The volume of mail going to them is too small to be statistically significant, it's more of a general pattern I have noticed.

    When you ask for CIDR ranges, are you asking for traffic patterns from the IPs in the CIDR ranges?  Or are you asking for the actual IPs themselves that they use to send outbound mail?

Page 1 of 1 (7 items)