Spammers distribute emails to addresses by Pareto’s law

I’ve got an II server that knows a lot of email addresses. Most of them are bogus addresses at tranzoa.com or .net. Emails to the bogus addresses are tossed in the bit bucket.

This email address list also includes legitimate addresses.

What happens when the number of emails to each of these addresses is graphed on a semi-log scale?

[Figure: log graph of email counts by To: name]

About 10,000 of the 14,000 names are 1-email names. The rest go up in counts to the top name – a name that has had 100,000 emails to it. (Log file emails from the server really run that number up!) Oddly enough, the number two name, by count, is some long, bizarre name involving the following sub-strings:

  • kstc
  • nsdg

I should explore where emails to this name are coming from. I’d presume that they would be coming from a botnet.

Another odd thing is which normal names are high in the list. Sure, “alex” is way up there in many forms. And other legitimate names. But, “dennis”, “fleming”, “gutierrez”, and “garza”? What happened to “john”, “michael” and “smith”? Those are the big kahunas of names out there in the Interwebs.
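
The tally behind a graph like the one described above, as an added example that is not the author's code: it counts emails per To: name, ranks the names, and reports the one-email names and the share of mail going to the top 20% of names. The log format, the per-name counts and the example.com domain are constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed per-name totals (not data from the post); example.com is a placeholder domain.
CONSTRUCTED = {"Alex": 100, "dennis": 20, "garza": 8, "fleming": 3,
               "qx1": 1, "qx2": 1, "qx3": 1, "qx4": 1, "qx5": 1, "qx6": 1}
SAMPLE_LOG = "\n".join(f"RCPT TO:<{name}@example.com>"
                       for name, n in CONSTRUCTED.items() for _ in range(n))

# Assumed log format: one SMTP "RCPT TO:<local@domain>" command per line.
RCPT_RE = re.compile(r"RCPT TO:\s*<([^@<>\s]+)@[^<>\s]+>", re.IGNORECASE)


def count_by_name(log_text):
    """Tally emails per To: name (the local part, lower-cased)."""
    return Counter(m.group(1).lower() for m in RCPT_RE.finditer(log_text))


def summarize(counts, top_fraction=0.2):
    """Rank names by count and measure how concentrated the mail is."""
    total = sum(counts.values())
    if total == 0:
        raise ValueError("no recipients found in log")
    ranked = counts.most_common()
    top_n = max(1, math.ceil(len(ranked) * top_fraction))
    return {
        "names": len(ranked),
        "total": total,
        "singletons": sum(1 for c in counts.values() if c == 1),
        "top_share": sum(c for _, c in ranked[:top_n]) / total,
        # (rank, name, count, log10(count)); the last value is the y position on a semi-log plot
        "series": [(r, n, c, math.log10(c)) for r, (n, c) in enumerate(ranked, 1)],
    }


if __name__ == "__main__":
    s = summarize(count_by_name(SAMPLE_LOG))
    print(f"{s['names']} names, {s['total']} emails, {s['singletons']} one-email names")
    print(f"top 20% of names received {s['top_share']:.0%} of the mail")
    for rank, name, count, log_count in s["series"][:4]:
        print(f"{rank:>3} {name:<10} {count:>6} {log_count:.2f}")
```

Grouping the one-email names by sending IP is a natural next step for checking whether they come from the same senders as the high-count names.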
