2008-09-01
Abstract
Spam levels shown to depend (partly) on starting letter of email addresses.
Copyright © 2008 Virus Bulletin
A recent paper by security researcher Richard Clayton at the University of Cambridge suggests that the volume of spam that arrives in one’s inbox depends – in part – on the first letter of one’s email address.
Clayton reports that addresses whose local part (left of the ‘@’) start with an ‘a’ receive more spam than those that begin with a ‘z’. Rather than being related to the letters’ alphabetical positions, though, the discrepancy can be explained by the prevalence of those letters at the start of an address – there are more addresses starting with an ‘a’ than starting with a ‘z’.
Clayton studied the email traffic of UK ISP Demon Internet over an eight-week period and found that the addresses starting with an ‘a’ received 35% spam in their inboxes, while those starting with a ‘z’ received just 20%. Other first letters that showed an increased likelihood of receiving spam included ‘m’ and ‘p’, both of which received around 42% spam, while the letter ‘q’ was neglected in a similar way to the letter ‘z’, receiving just 21%.
Clayton postulates that the most likely reason for these intriguing results is the prevalence of dictionary attacks – the more names (and addresses) there are beginning with a certain letter the more likely the spammers are to guess addresses beginning with that letter. The findings were reported in a paper presented at the CEAS anti-spam conference last month; the full paper can be read at http://www.cl.cam.ac.uk/~rnc1/aardvark.pdf.
