July to September 2020 in Spamtraps: ESPs
Turns out there was a point to being lazy with the monthly reports over the summer. This chart needed to be drawn over a longer period of time to highlight the obvious.
Otherwise it’s almost news as usual with nothing worthwhile to say, but two things stood out from the data. The first is that the share of ESP spam went up significantly as the amounts of botnet spam seen in this system seem to have been reduced (3.9% in July, 5% in August and 7% in September, two consecutive new records there I think) and the other one is the woes of SendGrid.
It was still mostly BAU for SendGrid in August, with Uber being the largest participant over the course of the whole month (that is to say: nothing to see here, move along). The first problems started appearing more or less August 20, when the majority of the daily input was 419 and phishing of various kinds instead of the usual ESP customer fare.
That’s the volumes. Maybe there is something to say about the content as well? Let’s take a sample from the dashboard on our next-gen spam analysis system. We get subject lines and their relative frequency. The sample size is very small (only about 6,000 messages over the course of the whole month; the real deal is two orders of magnitude more, and the sources of the new system under development are heavily geared towards Scandinavia at the moment) but it is somehow revealing all the same. The list of the top subject lines is reproduced below in text.
- Profile Update Required Immediately (3.1%)
- Activate One-Time Verification On Your Email Account (3.0%)
- Intuit: Security Upgrade Required (1.5%)
- New Secure Message (0.8%)
- PRF Daily Status Report (not phish)
- ✉(16)未读留言!(“unread messages” in Chinese; phish; 0.7%)
- Förnya och fyll på! (not phish)
- Mail Delivery (0.5%; DHL package delivery scam)
- Kickstarta veckan! (not phish)
- REPLY AS SOON AS POSSIBLE (0.5%; advance fee fraud)