Home / News I have a News Tip

Spam Volumes Dropped by Two-Thirds After Major Spam Hub Shut Down

The volume of junk e-mail sent worldwide plummeted on Tuesday after a Web hosting firm identified by the computer security community as a major host of organizations engaged in spam activity was taken offline, reports Brian Krebs of The Washington Post today.

"Experts say the precipitous drop-off in spam comes from Internet providers unplugging McColo Corp., a hosting provider in Northern California that was the home base for machines responsible for coordinating the sending of roughly 75 percent of all spam each day."

Graphs shows the number of messages submitted as spam along with the number of reports consumated regarding those messages in a 24 hour period. These numbers now reflect only a small fraction of total spam being processed by SpamCop, but they are still representative of the total. Source: Spamcop.net

During October, an average of 190 billion spam messages were sent daily, said Nilesh Bhandari, a product manager at IronPort, a messaging security company. Yesterday, however, the hourly average dropped to 112 billion, resulting in a 41% decline.

Read full story: The Washington Post

Related topics: Spam


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


Re: Spam Volumes Dropped by Two-Thirds After Major Spam Hub Shut Down Fergie  –  Nov 12, 2008 9:11 PM PDT

I would also recommend reading the HostExploit.com research whitepaper on the activities observed in McColo:


...and it becomes very clear the sort of "badness" that was occurring there.


- ferg

mccolo never lost connectivity? Carl Byington  –  Nov 13, 2008 10:29 AM PDT

From looking at the bgp logs, it seems that mccolo never lost connectivity. They brought up a new connection via Los Nettos before dropping (or being dropped by) HE.

show ip bgp
7397 226 26780

Re:mccolo never lost connectivity? Fergie  –  Nov 13, 2008 12:47 PM PDT

@Carl Byington

Not sure where you came up with that — McColo is dead in the water, routing-wise:

Hello, this is zebra (version 0.95a).
Copyright 1996-2004 Kunihiro Ishiguro.

route-views2.routeviews.org> sho ip bgp
BGP routing table entry for
Paths: (2 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
3277 3216 3549 26780 from (
Origin IGP, localpref 100, valid, external, best
Community: 3216:3000 3216:3004 3277:3216 3549:4151 3549:30840
Last update: Thu Nov 13 15:19:33 2008

8001 10910 22212 26780 from (
Origin IGP, localpref 100, valid, external
Community: 8001:1000 8001:1008 65010:300
Last update: Wed Nov 12 16:16:20 2008



Tracing route to over a maximum of 30 hops

1 2 ms 1 ms 1 ms


4 12 ms 23 ms 49 ms pos-0-4-0-0-ar01.sfsutro.ca.sfba.comcast.net [68
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * ^C

- ferg

> Not sure where you came up Carl Byington  –  Nov 13, 2008 6:30 PM PDT

> Not sure where you came up with that

From a bgp speaking router.

> BGP routing table entry for
> 3277 3216 3549 26780

Your own test via routeviews shows them connected via as3549 gblx.net.

Or am I missing something? Many systems don't respond to traceroute or ping.

Re: > Not sure where you came up Fergie  –  Nov 13, 2008 6:52 PM PDT

For all intents and purposes, McColo is "off the air".

- ferg

up and running today Carl Byington  –  Nov 14, 2008 4:48 PM PDT

host canadianpharmacycorp2.com
canadianpharmacycorp2.com has address

curl http://canadianpharmacycorp2.com/welcome.php 2>/dev/null | grep TITLE

License Pharmacy Online

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

IP Addressing

Sponsored by Avenue4 LLC

Mobile Internet

Sponsored by Afilias Mobile & Web Services

DNS Security

Sponsored by Afilias


Sponsored by Verisign

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Government Guidance for Email Authentication Has Arrived in USA and UK

Nominum Launches Comprehensive Suite of DNS-Based Security Solutions for Russian Service Providers

Nominum Sets New Record for Network Speed and Efficiency

DNS on Defense, DNS on Offense

Managing Outbound Spam: A New DNS-based Approach For Stopping Abuse (Webinar)

MarkMonitor Fraud Intelligence Report, Q4 2011

MarkMonitor Fraud Intelligence Report Released for Q2 2011

The Botnet-Counterfeit Drugs Connection

New Monthly Fraud Intelligence Report Now Available

MarkMonitor to Highlight Importance of Cross-Functional Approach to Brand Protection

Paid Search Ads Can Lead to Fake Goods

Open Phishing Season

.ORG Highlighted for Success in Fighting Phishing

Latest Brandjacking Index Examines How Fraudsters Abuse Financial Brands

New Report Shows .INFO Domain Safest from Phishing Attacks

MarkMonitor AntiFraud Solutions Combine Proven Antiphishing and Expert Antimalware Capabalities

COCC Partners with MarkMonitor for Anti-Phishing Services

ICANN Mexico City Meeting Brings a Significant Shift in Direction for Brand Rights Holder Issues

MarkMonitor Year-in-Review Report Finds Online Abuse of Major Brands Was a Growth Industry for Fraud

Committed to Keeping the Internet a Safe Place