Do Zebras Get Less Spam Than Aardvarks?

Do Zebras Get Less Spam Than Aardvarks?

Saturday, August 30, 2008 - by Michael Santo
Email spam got you down? Is your first name Aaron? A study by Cambridge University security expert Richard Clayton shows that the first letter of your email address has a lot to do with the amount of spam you receive.

The study (.PDF), titled "Do Zebras get more Spam than Aardvarks?" analyzed traffic logs from the U.K. ISP Demon Internet. The data analyzed was from the period Feb. 1st - March 27th of 2008.

In the study, Clayton noted that those whose local part of their email address (this is the portion to the left of the "@") begins with "A" receive about 50% spam and 50% non-spam. Clayton called this group aardvarks. When the local part begins with "Z" (call them zebras) about 75% is spam.



You're probably saying, eh? This makes no sense based on what was said earlier. Ah, but it does.

The reason more of the zebra email is spam is because so few actual email addresses start with "Z". Thus, the real portion of email is smaller. If you only look at legitimate email addresses, the picture changes: 20% of email addressed to zebras is spam, 35% of aardvarks is spam.

Clayton's theory over the reason for this difference also makes sense:

At some point, it occurred to the spammers that if john@example.com was a valid email address then perhaps john@another.com was valid as well, so they started to combine local parts (to the left of the @) with other domain names. This method of creating email addresses to attempt delivery to is called a dictionary attack (or sometimes a Rumpelstiltskin attack).
In other words, with apologies to Zbigniew Brzezinski, there simply aren't that many Zbigniew's around, so he is pretty safe.




It's not so simple as "A" vs. "Z," as shown in the graph above. Email addresses with number starting characters receive even fewer spam emails. Give you any ideas?

Clayton's advice?

Perhaps aardvarks should consider changing species — or asking their favourite email filter designer to think about how this unexpected empirical result can be leveraged into blocking more of their unwanted email.
Via: Richard Clayton (Research Paper) | News Archive | Tags: spam, aa
Login or Register to Comment

Comments

By bob_on_the_cob on Aug 30, 2008

My new email 9Bob@gmail.comHmm

By 3vi1 on Aug 31, 2008

Well, posting it to a message board shouldn't get you much spam at all. Nope, not much at all.

I haven't seen a plan backfire like that since my campaign to rename Manwiches got three people burned at the steak.  :p

By bob_on_the_cob on Aug 31, 2008

3vi1:

Well, posting it to a message board shouldn't get you much spam at all. Nope, not much at all.

I haven't seen a plan backfire like that since my campaign to rename Manwiches got three people burned at the steak.  :p

CRAPHmm

By warlord on Aug 31, 2008

bob_on_the_cob:

3vi1:

Well, posting it to a message board shouldn't get you much spam at all. Nope, not much at all.

I haven't seen a plan backfire like that since my campaign to rename Manwiches got three people burned at the steak.  :p

CRAPHmm

Big Smile

By ice91785 on Sep 1, 2008

I don't know what everyone is complaining about -- I like these emails; always telling me about awesome deals and cheap ways to enhance myself and all kinds of free video codecs are linked to auto-download.....its great!

 

P.S. Does anyone know why my PC is running so slow? I just can't quite figure it out...

By amdcrankitup on Aug 31, 2008

Maybe I,ll have to try this theory?

By eneville on Sep 1, 2008

Well, there is obviously a high chance that alphabetical sorting comes into play here, so the bot nets probably get addresses in a sorted format.

The other thing that I thought when reading this was email address harvesting at the SMTP level. It's most likely to go through names and addresses in a phone book style - pretty much a dictionary attack.

Although many systems barf, it's often useful to put _ or % symbols in your email addresses if you have the luxury of your own mail server.

Post a Comment