Tag Archives: Microsoft

Spam from Microsoft’s AS 8075 April 2011-June 2012

As we’ve seen, Microsoft’s AS 8075 is back on top in the June 2012 SpamRankings.net from PSBL data. Actually, AS 8075 is a chronic offender, having been #1 numerous times, often placing in the top 10, and (we can see in internal data) never going below #38:


Also, CBL does often see spam from AS 8075 at the same time PSBL does, even though CBL has never seen enough spam from that ASN for it to place in the U.S. top 10 from CBL data.

Volume data from PSBL and CBL graphed by SpamRankings.net

Volume data from PSBL and CBL aggregated and interpreted by SpamRankings.net
Graph by John S. Quarterman for SpamRankings.net.

That’s a pretty dense graph, and internally it’s interactive for easy interpretation, but the dark purple line is PSBL volume and the lines with dots are various botnets and the like detected for AS 8075 by CBL. We can drill down to which IP addresses are producing the spam indicated by such rankings and graphs.

The main point is even mighty Microsoft often emits spam. Any big corporation is likely to have similar problems, because, like in the case of medical organizations, they’re likely to have some employees who will fall for phishing or other exploits. Even the most Internet-security-savvy organization can’t catch them all. SpamRankings.net can help with that, both by providing incentive (do you want your organization to be at the top of the rankings?) and by providing drilldowns to help localize the problem (so you can fix it and brag about dropping off the rankings).


Microsoft back on top in June SpamRankings.net

2 (1) AS 36692 OPENDNS
3 (-) AS 26769 BANDCON
4 (-) AS 22414 CRAIGS-NET-1
5 (-) AS 22822 LLNW
6 (-) AS 10912 INTERNAP-BLK

Beating even OPENDNS, Microsoft took #1 in U.S. PSBL June 2012 rankings.

Microsoft was last on top in the same rankings for April 2012. I thought Microsoft was a leader in Internet security?

In other news, Bell Canada’s AS 577 BACOM actually dropping off the Canadian June 2012 rankings from CBL data. Shaw took #1 and Iweb dropped to #2.

We have a new medical winner! It’s Hartford Hospital’s AS 11047 HHCC-ASN1. Gaining altitude at the end of the month was Joan and Sanford I. Weill Medical College and Graduate School of Medical Sciences of Cornell University with AS 20252 JSIWMC.

More on those and other developments in later blog posts.



Microsoft, world leader in Internet security: and spamming?

Microsoft, world leader in Internet security, will doubtless clean up its spamming act when it sees its AS 8075 is #1 for outbound spam in the U.S. for April 2012 in rankings from PSBL data, pushing the U.S. to #1 worldwide. Other rankings don’t show Microsoft high, but does MSFT really want to show up in any of these rankings?

Rank (Previous)CountryPopulationSpam
of top 10
1 (3) US 310,232,863 673,30618.2%
2 (2) IN 1,173,108,018 506,39713.7%
3 (1) CN 1,330,044,000 413,08911.2%
    Total   3,689,376100%

These rankings that show Microsoft high are derived by SpamRankings.net from PSBL blocklist data. The April 2012 SpamRankings.net from CBL blocklist data do not show Microsoft in the top 10. Apparently PSBL’s spam traps happened to be in the line of spam from Microsoft, while CBL’s were not.

And of course Microsoft probably doesn’t mean to be sending any of that spam. More likely botnets exploited a MSFT security vulnerability. Here’s hoping they clean it up soon!