Feb 26, 2006 21:49
I've watched something interesting happen on the spam scene in the past few weeks. First of all, the quantity of spam coming to me from botnets dropped radically. I was getting 89-90 spams per day for some time, but very abruptly that dropped to 50-60, and virtually all of the missing spam was botnet spam. Then over the following months, my spam count rose modestly again, but there was a difference: This time the "new" spam was coming from spammers who apparently were buying their own domains and hosting them somewhere "spam-friendly." The payload domain and the "from" domain were the same. You can't do that from a botnet.
This suits me fine. I can block a "from" domain right in the client and never see it again. I've begun to get a surprising number of new spammer "from" domains every day; I think the number yesterday was 14. Turnover of payload domains was always pretty high, but now the same turnover applies to "from" domains as well. We can only guess as to why. The authorities may be putting the heat on botnets to the point that spammers do not want to become entangled in the investigations and increasingly common indictments. (Note that, as best we know, spammers do not own or run the botnets. They simply rent them from the black hats who assembled and control them.) Port 25 blocking is becoming more common, kneecapping more and more zombie PCs and making botnets less effective for spam.
Domains are cheap, but they're not free, and I would guess that there's not nearly the money in spam that there was a couple of years ago, and as botnets show up in the news as sources of DDoS attacks and other nastiness, law enforcement has shown more interest in taking them down. It's just tougher to make a living in spam today. Damn. I'm gonna cry real tears.