As we’ve seen, Microsoft’s AS 8075 is back on top in the June 2012 SpamRankings.net from PSBL data. Actually, AS 8075 is a chronic offender, having been #1 numerous times, often placing in the top 10, and (we can see in internal data) never going below #38:
2011
Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec | 2012
Jan | Feb | Mar | Apr | May | Jun |
| 1 | 1 | 2 | 3 | 4 | 10 | 37 | 37 | 38 | 8 | 2 | 1 | 1 | 2 | 1 |
Also, CBL does often see spam from AS 8075 at the same time PSBL does, even though CBL has never seen enough spam from that ASN for it to place in the U.S. top 10 from CBL data.
Volume data from PSBL and CBL aggregated and interpreted by SpamRankings.net
Graph by John S. Quarterman for SpamRankings.net.
That’s a pretty dense graph, and internally it’s interactive for easy interpretation, but the dark purple line is PSBL volume and the lines with dots are various botnets and the like detected for AS 8075 by CBL. We can drill down to which IP addresses are producing the spam indicated by such rankings and graphs.
The main point is even mighty Microsoft often emits spam. Any big corporation is likely to have similar problems, because, like in the case of medical organizations, they’re likely to have some employees who will fall for phishing or other exploits. Even the most Internet-security-savvy organization can’t catch them all. SpamRankings.net can help with that, both by providing incentive (do you want your organization to be at the top of the rankings?) and by providing drilldowns to help localize the problem (so you can fix it and brag about dropping off the rankings).
-jsq
