Who’s NOT buying anti-spam?

Last week, I talked about who’s buying anti-spam tools. So what about those who aren’t?

We estimate that only 75% of US corporate mailboxes are protected by anti-spam. Why so few?

One reason (at the risk of making the rest of us insanely jealous) is that some people simply don’t get spam.

They don’t get spam, because spammers don’t have their email address.
This can happen if their email addresses aren’t published on web and
they’re hard to guess. This situation will change though, as I’ll talk about in a future post.

Spammers will either harvest published email addresses from web sites, or use directory harvest attacks (DHAs) to try to guess valid email addresses. DHAs have two main ways of working.

1. They go through "brute force" sequences, such as:

  • aaaa@exmaple.com
  • aaab@exmaple.com
  • aaac@exmaple.com

2. They take common names and combine them, such as:

  • albert.smith@example.com
  • andrew.smith@example.com
  • andy.smith@example.com

or:

  • asmith@example.com
  • bsmith@example.com
  • csmith@example.com

Some email addresses are unlikely to be guessed this way. Previously, people may have scoffed at your ugly email address, Doe_John/Pinewood_01@example.com — but who’s laughing now?

Post a comment

You must be logged in to post a comment. To comment, first join our community.