Spam Trends: June 2024 - August 2024

Spam is almost never benign, and in our experience, it is a deliberate threat, or a predicate act to subsequent crimes including phishing, scams, or sales of counterfeit goods.

Modern-day spam is sent without informed consent, from compromised devices or from accounts where the emission of spam violates acceptable use. Using the Council of Europe’s Convention on Cybercrime as our model of law, we consider these criminal misuses of devices. The unauthorized software (malware) that emits spam emails uses system and network resources at the expense of unauthorized software. The Convention on Cybercrime considers these to be criminal acts of data or system interference. We thus treat spam

Here, we look at spam activity during our most recent measurement period and compare to what we’ve previously seen and reported.

Spam activity is at an 18-month high

Domains reported for hosting spammed content or spambots rose from 1.5M in the March-May 2024 reporting period to 2.6M in the June-August 2024 reporting period.

Eighteen of the Top-level Domains with the highest spam scoring metric were new TLDs. These were joined by .CC and .TK. All these TLDs had scoring metrics in excess of 300; by comparison, .COM had a score of 57.9. If you think .COM’s a spammy neighborhood, imagine how much spam we’d see if these TLDs had equally large domain market shares.

We again observed a decrease in subdomain provider accounts reported for hosting spam. This continued a downward trend since March 2024; however, spam activity at free and cheap hosters remains nearly double the activity reported a year ago.

In our ranking of domain registrars, GoDaddy.com remains #1, followed by Gname, Dynadot, NameSilo, and NameCheap. The top 6 registrars from the previous quarter are in the top 6 this quarter. The rest of the top 20 list saw considerable churn in both raw counts and spamscores. Four registrars posted spam scores in excess of 1700. By comparison, GoDaddy posted a spam score of 45.7. It’s terrifying to conjure a scenario where these registrars had more significant domain market shares.

Amazon, CTG Server Limited, and Cloudflare posted the highest numbers of spam IPv4 addresses in our top 10 hosting networks. Cloudflare ASN209242 had the dubious distinction of landing at #8 in our raw counts measurement and #2 in spam score metric (a +560% increase over the prior quarterly report). Dimension Network & Communication Limited’s spam score metric more than doubled, from an already troubling 9,018 to 21,676.

Trends in spam domain composition

Spammers do include brand, product, or service names in their spam domains. We also observed that spammers include English words that attract attention or convince a spam recipient that the domain is legitimate.

Words frequently found in spam (minimum 1000).

What industry sectors or verticals do spammers target?

We grouped these English words into a set of categories to observe where spammers focus attention. We observed an increase in delivery services targets and financial targets over the prior reporting period, and a decrease in technology and business targets.

Examples of words in our categories include:

  • for Technology: digital, login, ssl, captcha;

  • for Financial-Crypto: income, wealth, loan, invest, credit;

  • for Delivery Services: deliver, parcel, track*;
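The grouping described above can be sketched in a few lines; this is an added example, not the report's own code or methodology. It assumes a word must match a whole token (split on dots, hyphens and digits), reads `track*` as a prefix wildcard, drops the TLD label, and runs on constructed sample domains.

```python
import re
from collections import Counter

# Word lists copied from the report's examples. Reading a trailing "*" as a
# prefix wildcard is an assumption; the report does not define it.
CATEGORIES = {
    "Technology": ["digital", "login", "ssl", "captcha"],
    "Financial-Crypto": ["income", "wealth", "loan", "invest", "credit"],
    "Delivery Services": ["deliver", "parcel", "track*"],
}

def tokens(domain):
    """Split the labels left of the TLD into lower-case alphabetic tokens."""
    labels = domain.lower().rstrip(".").split(".")[:-1]  # drop the TLD (e.g. .loan)
    return [t for label in labels for t in re.split(r"[^a-z]+", label) if t]

def matches(pattern, token):
    """Exact token match, or prefix match when the pattern ends in '*'."""
    if pattern.endswith("*"):
        return token.startswith(pattern[:-1])
    return token == pattern

def categorize(domain):
    """Return the sorted categories whose words appear as tokens in the domain."""
    toks = tokens(domain)
    return sorted(
        cat for cat, words in CATEGORIES.items()
        if any(matches(w, t) for w in words for t in toks)
    )

def category_counts(domains):
    """Count how many domains fall into each category (a domain may hit several)."""
    counts = Counter()
    for d in domains:
        counts.update(categorize(d))
    return counts

# Constructed sample domains (not taken from the report's data set).
SAMPLE = [
    "parcel-tracking.example",         # "parcel" and "track*"
    "secure-login.ssl-check.example",  # "login" and "ssl"
    "quick-loan-invest.example",       # "loan" and "invest"
    "crossline.example",               # "ssl" only as a substring: no match
    "garden.loan",                     # "loan" is the TLD, not a word in the name
    "track-my-credit.example",         # two categories at once
]

if __name__ == "__main__":
    for name, n in category_counts(SAMPLE).most_common():
        print(f"{name}: {n}")
```

Token matching avoids counting short words such as `ssl` inside unrelated names, at the cost of missing words run together in a single label without a separator.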