Over the past twelve months, there has been a dramatic shift in the world’s spam. Whereas twelve months ago, much of the world’s spam originated from botnet-controlled PCs on ISP networks, most of the world’s spam volume now originates from web hosting provider networks. This is an anachronism in many ways, because in the early days of spam, spammers would colocate their spamming machines in web hosting networks. These days, spammers rent VPS (cloud) servers and abuse shared hosting platforms via compromised scripts and other badness.
The Composite Blocking List (CBL) maintains a really fantastic set of statistics on the worst spam sources according to their spam trap network – here’s the link: cbl.abuseat.org/statistics.html. CBL operates one of the world’s most comprehensive spam trap networks, which is probably why Spamhaus uses CBL data to power its own widely used Exploits Block List (XBL).
I thought it would be interesting to look at the companies that are on the top of the CBL’s spam volume report, which summarizes the networks that send the most spam messages to the CBL’s spam trap addresses.
At the top of the list, we have “The Planet”, otherwise known as SoftLayer. Their network of 1.5M IP addresses sends fully 3.5% of the spam volume received by CBL. SoftLayer is a truly enormous web hosting company, with multiple massive data centers, and 436 employees (according to LinkedIn). I know that SoftLayer has an active abuse team; however, they seem to be fighting a losing battle with the spammers at this moment in time.
Next up is STRATO, a German web hosting provider which advertises ultra low cost domain registration and shared web hosting. Looks like they have a lot of compromised hosting accounts in their network. With 81 employees on LinkedIn, they might want to look at allocating a bit more of their staff time to abuse.
Thirdly, we have Redmon Group. I tried to find Redmon Group on LinkedIn, but failed. Yet, they somehow generate more han 2.5% of CBL’s spam trap volume, and operate a network with more than 300,000 IP addresses. On their web site, Redmon Group advertises, rather vaguely, “Redmon Group is a nationally acclaimed interactive media firm that develops interactive technology products and services to enable, train, and entertain. Founded in 1990, Redmon works with a diverse group of distinguished clients including corporate, public sector, international, and educational organizations. The company has developed over 300 custom products for over 100 different clients.” All I can say is, “Hmmmm”.
Rounding out the rest of the top-25 spam sources on the CBL list, we have just six ISPs; the rest are web hosting providers.
Does anyone know the pricing of a Mailchannels carrier edition to handle about 40.000 IP addresses?
I'll have to check Redmon more, but thanks for the write-up, flush the rats down one toilet and they crawl out another!