Terry Zink's Cyber Security Blog

Discussing Internet security in (mostly) plain English

When do spam outbreaks occur?


Since August, I have been monitoring some of our feedback loops.  We participate in a number of feedback loop programs, including Hotmail, Yahoo and AOL.  If you don't know what a feedback loop is in the sense I am using the term here, allow me to explain.

When a user with a web mail account gets a spam message, they have the option of clicking "This is spam."  If you are registered with that company (like Hotmail or AOL), you provide them with a list of your outbound IPs.  They check the IP of the offending spam message and, if it is yours, they send the message back to you in a format called Abuse Reporting Format, or ARF.  You can then use these reports to see which of your users is sending out spam.

We get these reports on a daily basis and create an hourly report.  I track the size of the report on the theory that an increase in the report size means that somebody is sending outbound spam.  I wondered to myself, "Are there any noticeable patterns with outbound spam?  Are some days more likely to be spammier than others?"

The answer to that is yes.  I find it more difficult to monitor inbound spam due to sheer numbers, but outbound spam is easier to measure.  The numbers are smaller.  The worst day of the week that we have for outbound spam is Saturday, followed by Monday.  The distribution is below:

[Image: distribution of outbound spam by day of the week]
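The tallying described above, as an added example rather than the blog's own tooling: it parses ARF reports (RFC 5965) with Python's standard library and counts abuse complaints against your registered outbound IPs by weekday and by IP. The sample reports, the addresses and the names `feedback_fields` and `tally` are constructed for illustration.

```python
import email
from collections import Counter
from email.utils import parsedate_to_datetime

# Constructed ARF report, trimmed to the machine-readable part (assumed sample data).
ARF = """Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ExampleFBL/1.0
Version: 1
Source-IP: {ip}
Arrival-Date: {date}

--b1--
"""

def feedback_fields(raw):
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() == "message/feedback-report":
            body = part.get_payload()
            # The stdlib parser exposes a message/* body as a nested Message.
            return body[0] if isinstance(body, list) else email.message_from_string(body)
    return None

def tally(reports, our_ips):
    """Count abuse complaints against our outbound IPs, by weekday and by IP."""
    by_day, by_ip = Counter(), Counter()
    for raw in reports:
        f = feedback_fields(raw)
        ip = (f.get("Source-IP") or "").strip() if f is not None else ""
        if ip not in our_ips or f.get("Feedback-Type", "").lower() != "abuse":
            continue
        try:
            when = parsedate_to_datetime(f["Arrival-Date"])
        except (TypeError, ValueError):
            continue  # Arrival-Date is optional; an undated report cannot be binned
        by_day[when.strftime("%A")] += 1
        by_ip[ip] += 1
    return by_day, by_ip

# Constructed complaints; 198.51.100.7 stands for an IP that is not one of ours.
SAMPLES = [ARF.format(ip=i, date=d + " 2024 09:00:00 +0000") for i, d in [
    ("192.0.2.10", "Sat, 01 Jun"), ("192.0.2.10", "Sat, 01 Jun"),
    ("192.0.2.11", "Mon, 03 Jun"), ("198.51.100.7", "Wed, 05 Jun"),
    ("192.0.2.11", "Sat, 08 Jun")]]
```

Calling `tally(SAMPLES, {"192.0.2.10", "192.0.2.11"})` returns the per-weekday and per-IP counters; the per-IP counter is what points to the account or host to investigate.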

Is there a relationship between our outbound spam distribution and the worldwide incoming spam distribution?  I don't know yet, but it is a topic that I think warrants further investigation.
