
SpamBots

Recently, a number of spam messages (like maybe 5) got past my challenge-response anti-spam defenses and deposited a number of nastigrams in my inbox. I did a source view of the message and extracted the source IP address. Then I typed the IP address into Google and one of the options presented was the trustedsource.org website, which offered me a three-part report on the subject IP address. I suppose this measures the number of complaints against the address.

Part 1 is a view of the instantaneous web reputation, rated on a five-point scale: trusted, neutral, unverified, suspicious and malicious. In this case, on this day, it was marked as neutral.

Part 2 is the mail reputation report (shown here). It compares the site's email volume against its typical volume over a 3-hour slot (or so). Sites that suddenly have very high volumes of outbound email are probably under spambot influence.

This site had suddenly generated 775% more email than usual, suggesting that it had recently been infected with some spambot.
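The volume comparison described in Part 2 can be sketched as detection logic over a mail log. This is an added example, not TrustedSource's code: the 3-hour slot and the 775% figure come from the text above, while the median baseline, the 300% alert threshold, the documentation-range addresses and the log itself are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from statistics import median

WINDOW = timedelta(hours=3)   # slot length mentioned in the text
THRESHOLD_PCT = 300.0         # assumed alert threshold, not from the report

def build_sample_log():
    """Constructed sample: one (timestamp, sending IP) pair per outbound message."""
    start = datetime(2024, 1, 1, 0, 0)
    log = []
    for slot in range(8):                      # eight 3-hour slots = one day
        t0 = start + slot * WINDOW
        # 192.0.2.10 sends 4 messages per slot, then 35 in the final slot
        n_bot = 35 if slot == 7 else 4
        log += [(t0 + timedelta(minutes=5 * i), "192.0.2.10") for i in range(n_bot)]
        # 192.0.2.20 stays steady at 6 messages per slot
        log += [(t0 + timedelta(minutes=7 * i), "192.0.2.20") for i in range(6)]
    return log

def volume_spikes(log, window=WINDOW, threshold_pct=THRESHOLD_PCT):
    """Return {ip: percent increase} for senders whose latest slot exceeds baseline."""
    epoch = min(ts for ts, _ in log)
    counts = defaultdict(Counter)              # ip -> slot index -> message count
    for ts, ip in log:
        counts[ip][(ts - epoch) // window] += 1
    latest = max(slot for per_ip in counts.values() for slot in per_ip)
    flagged = {}
    for ip, per_slot in counts.items():
        # Baseline is the median of all earlier slots, so one old burst
        # does not inflate what counts as "usual" for this sender.
        history = [per_slot.get(s, 0) for s in range(latest)]
        baseline = median(history) if history else 0
        if baseline == 0:
            continue                           # no usable history for a ratio
        pct = 100.0 * (per_slot.get(latest, 0) - baseline) / baseline
        if pct >= threshold_pct:
            flagged[ip] = pct
    return flagged

if __name__ == "__main__":
    for ip, pct in volume_spikes(build_sample_log()).items():
        print(f"{ip}: {pct:.0f}% more email than usual in the latest 3-hour slot")
```

Senders with no history are skipped rather than flagged, so a newly seen address needs a separate rule.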

Part 3 of the report includes a Google Maps geographic locator and a link to the Spamhaus report on the address in question. Spamhaus reported that the address in question is infected with the cutwail2 spambot and that it is on the composite block list. Originally the site ran afoul of the automated spam analysis mechanisms that populate the XBL feature of Spamhaus.