Suped

Summary

Spam originates from diverse sources, often used in combination to mask sender identity and evade filters. Core sources include botnets, compromised accounts, and exploited servers. Techniques like dynamic IPs and bulletproof hosting aid in evasion. Some cloud providers like Amazon SES, Gmail, and Outlook struggle with policing spam, especially in B2B environments, partly due to ineffective compliance and a lack of incentives for removal. Open relays, rented lists, smaller ESPs with weak security, and purchased old domains are also used. Stricter filters and a decreased tolerance for false positives also shape the landscape.

Key findings

  • Core Spam Sources: Botnets, compromised accounts, and exploited servers are main platforms for spam.
  • Evasion Techniques: Spammers use dynamic IP addresses, bulletproof hosting, open proxies and VPNs to hide their origin.
  • Cloud Provider Challenges: Cloud providers have difficulty policing spam, specifically in B2B environments, and lack strong compliance.
  • ESPs and Hosting: Smaller ESPs with weak security, rented lists, and purchased domains contribute to spam.
  • Stricter Filtering: Email filters are becoming more selective and less forgiving of false positives.

Key considerations

  • Enhanced Security: Implement strong network and account security measures to prevent compromise and botnet inclusion.
  • Email Authentication: Utilize SPF, DKIM, and DMARC for email authentication to verify email authenticity and reduce spam.
  • Monitoring & Reporting: Monitor network traffic for unusual activity, and report spam to assist in identification and removal of sources.
  • Choosing Platforms: Carefully vet ESPs and hosting providers, prioritizing those with robust anti-spam policies.
  • Evolving Tactics Awareness: Stay updated on evolving spam tactics to adapt and implement necessary preventative measures.

What email marketers say

11 marketer opinions

Spam originates from a variety of sources and platforms, often used in combination to obfuscate the sender's identity and bypass spam filters. Common sources include: botnets (networks of infected computers), compromised email accounts, rented servers, smaller email marketing services with lax policies, open mail relays, bulletproof hosting services, web hosting providers that ignore spam complaints, SMTP servers on residential ISPs, and purchased old domains. Some ESPs may be exploited due to poor monitoring, and some providers turn a blind eye to spam due to the profit generated. Spammers also utilize techniques to mask their locations, such as using public Wi-Fi networks, VPNs, and proxies. Amazon SES, Gmail, and Outlook have been mentioned as platforms used to send spam.

Key opinions

  • Multiple Sources: Spam originates from a variety of sources including botnets, compromised accounts, rented servers, and smaller ESPs with lax policies.
  • Compromised Accounts: Compromised email accounts are frequently used to send spam, often without the account owner's knowledge.
  • Botnets: Botnets, networks of infected computers, are a significant source of spam.
  • Masking Techniques: Spammers use various techniques to hide their true IP addresses and locations, including public Wi-Fi, VPNs, and proxies.
  • Platform Exploitation: Some legitimate ESPs and hosting providers may be exploited due to poor monitoring or lax policies.

Key considerations

  • Platform Security: Consider the security policies and monitoring practices of any email marketing service or hosting provider you use.
  • Email Authentication: Implement email authentication protocols (SPF, DKIM, DMARC) to help prevent your emails from being flagged as spam.
  • Network Security: Ensure your network and devices are secure to prevent them from becoming part of a botnet.
  • Reporting: Report spam to help mitigate the problem and support efforts to identify and shut down spam sources.
  • Evolving Tactics: Spammers are constantly evolving their tactics, so it's important to stay informed about the latest techniques and trends.

Marketer view

Email marketer from Quora explains that spammers often use a combination of techniques including compromised email accounts, open relays and bulletproof hosting, making attribution difficult. They also note that some legitimate ESPs may be exploited due to poor monitoring.

14 Jul 2022 - Quora

Marketer view

Email marketer from Reddit shares that spam is sent from botnets, compromised accounts, and some smaller email marketing platforms with weaker security. Spammers also use public Wi-Fi networks to mask their locations.

27 Feb 2022 - Reddit

What the experts say

6 expert opinions

Spam originates from various sources, including botnets, compromised servers, hijacked email accounts, and bulletproof hosting providers. Cloud providers struggle with policing spam, particularly in B2B environments, due to ineffective compliance teams and a lack of incentive to remove bad actors. Gmail and Microsoft are identified as significant sources of B2B spam. Filters are becoming stricter and less forgiving of false positives, leading to a less marketer-friendly environment.

Key opinions

  • Multiple Sources: Spam originates from a variety of sources, including botnets, compromised servers, and hijacked email accounts.
  • Cloud Provider Challenges: Cloud providers face difficulties in policing spam, especially in B2B environments.
  • Gmail & Microsoft: Gmail and Microsoft are significant sources of B2B spam.
  • Stricter Filters: Email filters are becoming stricter and less forgiving of false positives.
  • Bulletproof Hosting: Bulletproof hosting providers facilitate spam campaigns due to minimal oversight.

Key considerations

  • Source Monitoring: Monitor spam sources to identify and address potential issues.
  • B2B Spam Focus: Pay special attention to B2B spam, as it is prevalent and often difficult to detect.
  • Filter Adaptation: Adapt marketing strategies to accommodate stricter email filters and reduced tolerance for false positives.
  • Compliance Improvement: ESPs need to invest in innovative thinking and resources to improve compliance and effectively stop spam.
  • Bulletproof Hosting Risk: Avoid bulletproof hosting, as this increases the risk of deliverability problems.

Expert view

Expert from Email Geeks explains that all the cloud providers are pretty messy and it’s very, very hard to police sending, particularly in a B2B environment. So many ESPs built their compliance teams based on things like GPT and FBLs and … they simply don’t work in a B2B environment.

8 Apr 2024 - Email Geeks

Expert view

Expert from Email Geeks shares that compliance is going to get worse before it gets better and it’s going to take some innovative thinking and resource investment to actually have the ESPs stopping spam more effectively. She adds that she is not sure they have any real incentive to do so because filters are more selective and a bad customer only hurts themselves. There’s just not the incentive to throw off bad customers that there used to be and compliance desks are expensive. They think we’re going to see spam get worse and more and more ESPs just not having the ability to deal with it.

24 Apr 2024 - Email Geeks

What the documentation says

5 technical articles

Spam is predominantly sent through botnets (networks of compromised computers), compromised email accounts, and exploited servers. These platforms allow spammers to send large volumes of unsolicited emails while masking their true identities. Dynamic IP addresses, open proxies and bulletproof hosting are also used to evade detection. Network security and email authentication protocols like SPF, DKIM, and DMARC are crucial in mitigating spam attacks.

Key findings

  • Botnets: Botnets are a primary source of spam, enabling the sending of large volumes of unsolicited emails.
  • Compromised Accounts: Spammers frequently use compromised email accounts to send spam.
  • Exploited Servers: Spammers exploit compromised and unsecured servers to distribute spam.
  • Evasion Techniques: Spammers utilize dynamic IP addresses and bulletproof hosting to evade detection.
  • Authentication Importance: Email authentication protocols (SPF, DKIM, DMARC) are effective tools for identifying and mitigating spam.

Key considerations

  • Network Security: Implement robust network security measures to prevent servers from being compromised and used for spam.
  • Account Security: Implement email account security measures to reduce the risk of account compromise.
  • Email Authentication: Utilize email authentication protocols (SPF, DKIM, DMARC) to verify the authenticity of emails and reduce spam.
  • Botnet Monitoring: Monitor network traffic for signs of botnet activity and take steps to mitigate any detected infections.
  • Secure Hosting: Avoid bulletproof hosting providers and choose reputable hosting services with strong anti-spam policies.

Technical article

Documentation from Cisco identifies botnets, hijacked accounts, and compromised servers as frequently used by spammers. Cisco outlines the importance of network security and email authentication to mitigate spam attacks.

6 May 2023 - Cisco

Technical article

Documentation from Cloudflare describes how malicious actors leverage botnets, compromised email accounts and unsecured servers to send spam. They highlight the use of email authentication protocols like SPF, DKIM and DMARC as effective tools in identifying spam.

10 Dec 2021 - Cloudflare
