|
Last week, I commented on the the Gmail/Hotmail/Yahoo username and password leak. The question we now ask is whether or not we are seeing an increased amount of spam from those services. On another blog, they were commenting that various experts were claiming that this is the case.
I disagree.
Over at Microsoft Forefront Online (where I work and collect various email statistics), I have dug through the stats we have on spam for the last two months originating from IPs in these services. I use the IPs in Hotmail’s SPF record, Gmail’s SPF record, and publically available lists of Yahoo’s IPs. Below is a chart illustrating how much spam we receive from those three. I have normalized the values of the y-axis to munge the exact amount of spam that we receive from them.
The usernames and passwords were posted on Oct 1, 2009. Since that time, the amount of spam we get from all three services has declined somewhat. Instead, what we saw are huge increases on Sept 3 and Sept 4 followed by a rapid drawdown—this was a month before the information was posted. Yahoo increased throughout September but eventually declined when the passwords were posted, whereas the other two services returned to normal levels right afterwards (ie, after the outbreak). I checked AOL’s statistics and they also saw a huge spike on Sept 3-4, but otherwise showed no significant deviation from their norm.
To me, this suggests the following:
And then again, there could be no relation to anything and this is all a coincidence. Isolated events are notoriously difficult to detect because there is so much variation within day-to-day events, that is, it can be difficult to separate the signal from the noise. Patterns that occur over time are easy to spot, but incidents like this are less so.
Sponsored byVerisign
Sponsored byIPv4.Global
Sponsored byDNIB.com
Sponsored byCSC
Sponsored byWhoisXML API
Sponsored byRadix
Sponsored byVerisign