February 2024 in Spamtraps: ESPs

So here, at long last, the monthly stats for ESPs in the Koli-Lõks OÜ spamtrap collection. The percentage of ESP spam out of all email received was 13.9%.

Figure 1. ESP spam in Koli-Lõks OÜ spamtraps, February 2024

Or, to put the same in readable text,

#NamePercentageMost prominent customerNotes
0(All others)33.8%
2Salesforce Marketing Cloud14.6%Sam’s Club
3Amazon SES6.0%Terrie O’Connor Realtors
4Intuit Mailchimp5.8%citistore.com.hk
5Emarsys4.5%Costco Wholesale (UK)
6MessageBird SparkPost4.3%Best Target Advertising Ltd (IE)
7Sinch Mailgun4.0%Pandora
8SendCloud (uCloud)3.1%f-avis.topNewcomer in these postings
9Mapp2.7%nextwebbusinessguide.comIncludes eCircle and Blue Hornet
Table 1. List of the most frequently seen ESPs.

The last time SendGrid was NOT number 1 in these stats was May 2021. Incidentally, that’s the previous time this blog was updated.

Amazon SES has more or less permanently taken over from Mailchimp as #3.

The entry of the Chinese ESP SendCloud / uCloud to these lists did in fact happen earlier, but it seems we’ve only tweeted about that at the time.

Here’s a list of the individual customers with the most volume from the whole bunch, their percentages out of the total ESP mail load, their respective ESPs, and their percentages out of their own ESP:

#Customer namePct out of total ESP mailOn which ESPPct out of own ESPName
2viaggioas.com1%SparkPost23.4%Best Target Advertising Ltd, Ireland
4lager157.com0.7%SendGrid3.7%Lager 157
5tocr.com0.6%Amazon SES10.3%Terrie O’Connor Realtors
6nrsc.org0.6%SendGrid3.1%National Republican Senatorial Committee
8samsclub.com0.3%SFMC2.3%Sam’s Club
9costco.co.uk0.3%Emarsys7.3%Costco Wholesale (UK)
10italotreno.it0.3%Adobe Marketo14.2%Italo, Italy’s high speed train
Table 2. List of the most frequently seen ESP customers.

You know where to reach us if you want to ask questions about this (that is, in case you don’t want it discussed in public in the comments to the blog). TTFN!

Apologies for the long absence

We’ve been active, but Atro has mostly been posting on LinkedIn. It’s somewhat easier than using the blog platform. But since we keep hearing it from you that new employees at ESPs are frequently advised to keep an eye on this blog by their more experienced colleagues, let’s try to make an effort here and justify that advice.

May 2021 in Spamtraps: ESPs

Figure 1. Top 10 ESPs in our spamtraps, May 2021

Here’s a monthly summary of our findings in May 2021. Because of a major glitch at an otherwise unremarkable operator the total of ESP mail is noticeably larger than the month before (from 6.6% to 6.8%), the top 10 has a new participant that would never appear on the list otherwise, and the share of the top 10 out of everything is much larger than usual.

RatingParticipantPercentageNotesMost prominent customer
0All others33.2%
1Salesforce Marketing Cloud14.1%Marcus & Millichap (4%)
2SendGrid13.9%Uber (7.2%)
3Retarus12.0%Mostly backscatterMAILER-DAEMON (99%)
4Mailchimp8.0%Egyeditermekek.net (0.9%)
5Amazon SES5.7%Netflix (9.3%)
6Oracle Marketing Cloud3.2%Harborfreight.com (3.5%)
7Epsilon3.0%DICK’S Sporting Goods, Inc. (57.5%)
8Mailgun2.9%With some spillover from MailjetHarri.com (3.3%)
9CheetahMail2.1%Talbots.com (11.4%)
10Constant Contact2.0%Rentv.com (1.5%)
Table 1. Top 10 ESPs in our spamtraps, May 2021,
with their shares of the total and most prominent customers

This month’s special feature is a flood of backscatter from Retarus, a German ESP whose presence in our traps is usually so insignificant that they’re not even in the top 40. Early this month, there were two outbursts of this activity, between 7 to 11 am UTC on May 3 and between 3 to 7 am UTC on May 6. It is only the second time that backscatter causes an ESP to make an appearance here, the first, if memory serves, having been Hobsons in July 2018.

After taking a closer look last period, I noticed that our handling of the merged operations of Mailgun and Mailjet is somewhat wonky, which explains the appearance of any given customer on both at the same time. To be honest, it doesn’t help that they appear to be borrowing IP blocks from each other. But this is a problem that I expect will resolve itself in the short to medium term as the merger is eventually completed (one hopes, anyway).

First third of 2021 in Spamtraps: ESPs

Once again, a trendline post. The percentages of ESP mail from all spam the traps saw was more or less 6.6% across the entire period, with slight variations.

Figure 1. ESP spam in Koli-Lõks OÜ spamtraps, January to April 2021
Figure 1. ESP spam in Koli-Lõks OÜ spamtraps, January to April 2021

The top contenders continue to remain all alone in their heights. Any interesting movements are occurring in the #5 to #15 slots.

Mailgun showed absolute growth in numbers across the entire period and finally surpassed OMC in April. From February on, this is due to a collections agency in the UK, it seems.

Epsilon’s trend is also consistently upward. DICK’S Sporting Goods, Inc. is responsible for half of what they send to us.

Finally, Mailjet took a huge leap in April compared to the rest of the observation period. Interestingly enough, their worst customer is the same as that of Mailgun – a collection agency in the United Kingdom. Not only the same kind of, but actually the same domain names.

December 2020 in Spamtraps: ESPs

ESP Top Ten chart, December 2020
Figure 1. ESP spam in spamtraps, December 2020

Okay, so here’s the last post of 2020, a day or two late.

It really seems as if the SendGrid flood that there was during the autumn is over. There’s still a lot of mail, and some of it is still stuff that no ESP customer should be sending, but the numbers are more or less back to normal, which is nice.

0All others33.9%259 ESPs identified
1Salesforce Marketing Cloud15.6%Marcus & Millichap (3.5%)
2SendGrid13.8%Uber (7.0%)
3Mailchimp8.7%Spamtrap bias showingAkcióbazár (<1%)
4Amazon SES6.3%Netflix (4.9%)
5Oracle Marketing Cloud4.2%harborfreight.com (3.7%)
6Adobe Campaign3.9%Pandora (49%)
7SendinBlue3.0%sneakyaffiliate.com (10%)
8Epsilon>2.9%DICK’S Sporting Goods (40%)
9CheetahMail<2.9%Talbots (7.7%)
10Mailgun2.7%Vumedi.com (3.3%)
Table 1. Top 10 ESPs in our spamtraps, December 2020,
with their shares of the total and most prominent customers

We’ve done something strange, or spammers have done something strange, I don’t know. The proportion of ESP spam to all spam we’ve seen keeps growing. The numbers remain more or less the same, while the total goes down, so I guess either the botnets are spewing less, or we’re ignoring them better. The percentage of ESP spam to all was a whopping 8.1% this month.

Then there’s the relative badness.

ESP badness, December 2020
Figure 2. Relative badness of ESPs in our spamtraps, December 2020

As always, the “relative badness” figure is obtained by dividing the total number of messages sent to us by an ESP by the apparent number of its customers participating in it.

The biggest customers in the badness chart are DICK’S Sporting Goods for Epsilon (almost 40% of Epsilon’s total catch in our traps); the Republican party (over 70% of what Pulsepoint sent); Costco (over a third of what we got from WhatCounts) and Pandora, which amounted to almost half of the Adobe contribution.

That’s all, folks! Happy New Year, may it be less interesting in the Chinese sense than the one we just left behind.

Sliding window – August to October 2020 in Spamtraps: ESPs

This follows the earlier July to September post – the trends continue to be more important than the spot figures. The percentage of ESP spam of all mail was 9.7% in October.

Figure 1. Percentages of various ESPs of the total catch identified
as having been sent by any ESP, August to October 2020
Read more…

July to September 2020 in Spamtraps: ESPs

Turns out there was a point to being lazy with the monthly reports over the summer. This chart needed to be drawn over a longer period of time to highlight the obvious.

A logarithmic chart of the  contributions of various ESPs in the Koli-Lõks OÜ spamtraps over the period of July to September 2020.
Summer 2020 in Spamtraps: ESPs
Read more…

June 2020 in Spamtraps: ESPs

Figure 1. Top 10 ESPs in our spamtraps, June 2020
Read more…

May 2020 in Spamtraps: ESPs

Figure 1. Top 10 ESPs in our spamtraps, May 2020
Read more…

Join Netflix today

Recently, a friend encouraged me to look into the marketing of Netflix, the video-on-demand platform.

They’re sending from Amazon SES, one of the ESPs we are tracking, so I might have materials to look at.

My notes on ESP spam go back years, so I can easily pull up the data and draw a graph of the percentage of mail related to netflix.com in the observed output of Amazon SES in our traps.

I’d say somebody has got a little over excited with the remarketing. My favourites are the “Join today!” emails sent to addresses that never existed, where the explanation for why the recipient got it is that they had previously created an account. Why do they need to join in a second time and how were they able to join to begin with, with an email address that has never existed?

Go back to top