[AfrICANN-discuss] Email Address Dictates Spam Volume

Wed Sep 3 15:08:49 SAST 2008

Report: Email Address Dictates Spam Volume
The first letter of your email address is one factor in your spam
risk, a researcher says
AUGUST 28, 2008 | 5:25 PM

http://www.darkreading.com/document.asp?doc_id=162585&WT.svl=news1_1
By Kelly Jackson Higgins
Senior Editor, Dark Reading

Everyone knows that some people get more spam than others, but new
research shows that it may have something to do with the first letter
of your email address.

Richard Clayton, a security researcher at the University of Cambridge
in the U.K., says he found evidence that the more common the first
letter in your email address is, the more spam you get: in other
words, alice at company.com typically gets a higher volume of spam than
quincy at company.com, or zach at company.com. He says that�s simply because
there are more combinations of names that begin with �A� than with �Q�
or �Z.�

Over an eight-week period, Clayton studied around 8.9 million emails
at a U.K. ISP and found that the email addresses that began with �A�
received 35 percent spam in their inboxes, while �Z�s� got about 20
percent -- after sorting out real emails versus invalid ones that had
likely been generated by a spamming tool. Clayton says it�s likely
that spammers using dictionary attacks could be the cause of this
disproportionate distribution of spam.

Clayton acknowledges that his study didn�t end up proving what he had
hoped it would � that alphabetic order was an indicator of how much
spam you got. He says it�s likely that since dictionary attacks are
not commonly occurring in real-time, the phony email addresses he saw
possibly had been stored in spammer databases for some time.

Matt Sergeant, senior anti-spam technologist for MessageLabs, says a
dictionary-type spam attack that ekes out as many email addresses it
can by letter is the mark of an old-school spammer, not a
sophisticated one. �You don�t have this pattern with the more malcious
spammer. Botnets distribute and split up lists of email addresses and
distribute them among the entire botnet simultaneously,� for instance,
Sergeant says.

MessageLabs has seen a similar pattern with spam in domain names, he
says. �Domain names that start with �A� get more spam than domain
names that start with �Z,�� he says.

So does pinpointing that the Sams of the world get spammed more than
the Yancys ultimately help anti-spam technologists curb spam? Sergeant
says that while this trend is a fun fact of sorts, it also does
provide a little insight into spammers. �You have to look a bit deeper
into the information and have an understanding of how spammers work to
really understand what this [data] is saying. It�s most definitely
interesting information,� he says. But it wouldn�t sway anyone to
change their email address to X at company.com to ensure they get less
spam, he adds.

Have a comment on this story? Please click "Discuss" below. If you'd
like to contact Dark Reading's editors directly, send us a message.