February 2024 in Spamtraps: ESPs

So here, at long last, the monthly stats for ESPs in the Koli-Lõks OÜ spamtrap collection. The percentage of ESP spam out of all email received was 13.9%.

Figure 1. ESP spam in Koli-Lõks OÜ spamtraps, February 2024

Or, to put the same in readable text,

#NamePercentageMost prominent customerNotes
0(All others)33.8%
1SendGrid18.8%infotimes.com.tw
2Salesforce Marketing Cloud14.6%Sam’s Club
3Amazon SES6.0%Terrie O’Connor Realtors
4Intuit Mailchimp5.8%citistore.com.hk
5Emarsys4.5%Costco Wholesale (UK)
6MessageBird SparkPost4.3%Best Target Advertising Ltd (IE)
7Sinch Mailgun4.0%Pandora
8SendCloud (uCloud)3.1%f-avis.topNewcomer in these postings
9Mapp2.7%nextwebbusinessguide.comIncludes eCircle and Blue Hornet
10ActiveCampaign2.4%wrenews.com
Table 1. List of the most frequently seen ESPs.

The last time SendGrid was NOT number 1 in these stats was May 2021. Incidentally, that’s the previous time this blog was updated.

Amazon SES has more or less permanently taken over from Mailchimp as #3.

The entry of the Chinese ESP SendCloud / uCloud to these lists did in fact happen earlier, but it seems we’ve only tweeted about that at the time.

Here’s a list of the individual customers with the most volume from the whole bunch, their percentages out of the total ESP mail load, their respective ESPs, and their percentages out of their own ESP:

#Customer namePct out of total ESP mailOn which ESPPct out of own ESPName
1infotimes.com.tw2%SendGrid10.9%時報資訊股份有限公司
2viaggioas.com1%SparkPost23.4%Best Target Advertising Ltd, Ireland
3nextdoor.com0.7%SendGrid3.8%Nextdoor
4lager157.com0.7%SendGrid3.7%Lager 157
5tocr.com0.6%Amazon SES10.3%Terrie O’Connor Realtors
6nrsc.org0.6%SendGrid3.1%National Republican Senatorial Committee
7uber.com0.4%SendGrid2.3%Uber
8samsclub.com0.3%SFMC2.3%Sam’s Club
9costco.co.uk0.3%Emarsys7.3%Costco Wholesale (UK)
10italotreno.it0.3%Adobe Marketo14.2%Italo, Italy’s high speed train
Table 2. List of the most frequently seen ESP customers.

You know where to reach us if you want to ask questions about this (that is, in case you don’t want it discussed in public in the comments to the blog). TTFN!

May 2021 in Spamtraps: ESPs

Figure 1. Top 10 ESPs in our spamtraps, May 2021

Here’s a monthly summary of our findings in May 2021. Because of a major glitch at an otherwise unremarkable operator the total of ESP mail is noticeably larger than the month before (from 6.6% to 6.8%), the top 10 has a new participant that would never appear on the list otherwise, and the share of the top 10 out of everything is much larger than usual.

RatingParticipantPercentageNotesMost prominent customer
0All others33.2%
1Salesforce Marketing Cloud14.1%Marcus & Millichap (4%)
2SendGrid13.9%Uber (7.2%)
3Retarus12.0%Mostly backscatterMAILER-DAEMON (99%)
4Mailchimp8.0%Egyeditermekek.net (0.9%)
5Amazon SES5.7%Netflix (9.3%)
6Oracle Marketing Cloud3.2%Harborfreight.com (3.5%)
7Epsilon3.0%DICK’S Sporting Goods, Inc. (57.5%)
8Mailgun2.9%With some spillover from MailjetHarri.com (3.3%)
9CheetahMail2.1%Talbots.com (11.4%)
10Constant Contact2.0%Rentv.com (1.5%)
Table 1. Top 10 ESPs in our spamtraps, May 2021,
with their shares of the total and most prominent customers

This month’s special feature is a flood of backscatter from Retarus, a German ESP whose presence in our traps is usually so insignificant that they’re not even in the top 40. Early this month, there were two outbursts of this activity, between 7 to 11 am UTC on May 3 and between 3 to 7 am UTC on May 6. It is only the second time that backscatter causes an ESP to make an appearance here, the first, if memory serves, having been Hobsons in July 2018.

After taking a closer look last period, I noticed that our handling of the merged operations of Mailgun and Mailjet is somewhat wonky, which explains the appearance of any given customer on both at the same time. To be honest, it doesn’t help that they appear to be borrowing IP blocks from each other. But this is a problem that I expect will resolve itself in the short to medium term as the merger is eventually completed (one hopes, anyway).

Sliding window – August to October 2020 in Spamtraps: ESPs

This follows the earlier July to September post – the trends continue to be more important than the spot figures. The percentage of ESP spam of all mail was 9.7% in October.

Figure 1. Percentages of various ESPs of the total catch identified
as having been sent by any ESP, August to October 2020
Read more…

July to September 2020 in Spamtraps: ESPs

Turns out there was a point to being lazy with the monthly reports over the summer. This chart needed to be drawn over a longer period of time to highlight the obvious.

A logarithmic chart of the  contributions of various ESPs in the Koli-Lõks OÜ spamtraps over the period of July to September 2020.
Summer 2020 in Spamtraps: ESPs
Read more…

May 2020 in Spamtraps: ESPs

Figure 1. Top 10 ESPs in our spamtraps, May 2020
Read more…

October 2018 in Spamtraps: ESPs

Blast from the recent past

(This is what happens when you forget to click Publish)

ESP spam seen in spamtraps, October 2018

The percentage of ESP spam was 3.0%, down from 3.2% in September. The total amount of mail in this trap collection was up 16% from September.

There’s a new player on the list again. Ediware is a French email service provider that has been around since 2001. This is the first time ever they have made this list in any capacity, and it’s straight to the top 10. During October 24 from 5 pm to 8 pm CEST they had a malware/botnet/whatever infestation spamming “fix your wifi”, “desktop microscope”, “heating gadget” etc. To their credit, they got on top of it quite quickly, in four hours the problem was completely curbed, but while it was going on, the volume was huge. Any other stuff from them amounted to 0.4% of the total – no wonder we don’t usually see them.

Salesforce is so much ahead of SendGrid this month I would have expected to see something unusual from them. But no, it’s the same old players, none of whom are sending anything out of the ordinary.

SendGrid really need to get rid of Advisor Perspectives. Like, really. And so do MailChimp, for that matter.

Bubbling under this month: Mapp Digital (2.1%), Adobe Campaign (2.0%).

RATINGPARTICIPANTPERCENTAGENOTESMOST PROMINENT CUSTOMER
0All others34.7%
1Salesforce Marketing Cloud14.2%ExactTargetKohls (4.5%)
2SendGrid11.8%Advisor Perspectives (11%)
3MailChimp8.9%Boston Globe (0.8%)
4Oracle Marketing Cloud5.7%Nordstrom (6.9%)
(Nordstrom and Nordstrom Rack are also Salesforce’s #7 most spamming customer with 1.6% of SMC total)
5Amazon SES5.0%Netflix (3.8%)
6CheetahMail4.2%Eddie Bauer (5.8%)
7Mailgun4.0%The Italian affiliate spammers (at least 35%)
8Ediware3.9%Botnet flood on October 24 (>99%)
9IBM Marketing Cloud3.1%renewlife.com (nearly 30%)
10Constant Contact2.5%123dj.com (2.4%)

Another three-month look at Spamtraps: ESPs – July, August, September 2018

July to September 2018 in Spamtraps: ESPs

July to September 2018 in Spamtraps: ESPs

We had an unexpected participant in Hobsons, who traditionally send effectively nothing to us, only just about enough for us to have recognized that they even exist. It appears their network space is shared between the ESP and some other branch of their operations. The servers of the non-ESP operations were misconfigured on April 10 shortly before 8 pm UTC and started spewing out backscatter (bounces of spam to the forged sender addresses). This went on until 9/11 @ 11 am UTC, peaking in July.

With Yesmail, the money mule spammers (subjects: “New offer”, “New vacancies in our company”, “Interesting work”, “Staff Wanted”, “Good day!”, “Hello!”, “Interesting offer”, “Welcome to our company”) started appearing in April, peaked in July, and were effectively out by September. The numbers of this type of spam on any other ESP platform are never measured in more than the single digits.

Worst senders:

  1. SendGrid: Advisor Perspectives, by a margin of more than 2x to the next contestant, month after month (with a slight nod in the general direction of Airbnb in July)
  2. SMC/ExactTarget: Kohls (only barely), with Marcus Millichap popping up in September
  3. MailChimp: Advisor Perspectives (WTH?)
  4. Oracle: Nordstrom (only barely)
  5. Mailgun: The Italian affiliate spammers (see previous blogs)
  6. Yesmail: After the money mule trash, mktgdillards.com
  7. Amazon SES: jobalert123.com
  8. CheetahMail: shopbonton.com, loft.com, emailtuesdaymorning.com (all almost below the noise floor)
  9. Constant Contact: 123dj.com (only barely)
  10. IBM: tjx.com, renewlife.com
  11. Mapp: conservativeintel.com
  12. Epsilon: DICK’S Sporting Goods, Inc.

June 2018 in Spamtraps: ESPs

ESP spam seen in spamtraps, June 2018

ESP spam seen in spamtraps, June 2018

Read more…

A three-month look at Spamtraps: ESPs

Good morning, Munich…

A four-month look at Spamtraps: ESPs

November 2017 to February 2018 in Spamtraps: ESPs

Nuff said. All the data is there and questions are welcome, either in comments to this article or in other avenues. Just haven’t gotten around to writing it up.

Go back to top