Blocking of International Spam Botnets

Why Spammers are Dangerous for Mail Server Operators?

How the Spam Botnet Works?

  • IP addresses from which hacker logged into account (ip_address).
  • Corresponding country codes of IP addresses from GeoIP database (state_code).
  • Number of sasl logins which hacker did from one IP address (login_count).
Excerpt from list of IP addresses and countries botnet logged in into compromised account (Full list).
Distribution of unique IP addresses per country from botnet logins (Full list).
  • Spam was spread from a botnet. This is indicated by logins from a huge amount of client IP addresses.
  • Spam was spread with a low cadence of messages in order to avoid rate limits.
  • Spam was spread from IP addresses from multiple countries (more than 30 countries after few minutes) which indicates an international botnet.
  • Total number of logins 7531.
  • Total number of IP addresses used 342.
  • Total number of unique countries 41.

How to Defend?


I Want to Try It!




Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

SULE Will be Available on CoinTiger on 29 March.

RSA Attacks: Common Modulus

Sling Blue ⋆ 1 Year Replacement

BooPay Token $BooPay

Votes to ADD RPR on

From SPAC to Spectacular: A Confidential Computing Company on the Rise

Tidal Finance partners with Oasis Network to provide Decentralized Insurance and Integrate…

Please switch to Signal, today.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Ondrej Vasko

Ondrej Vasko

More from Medium

Kidnapped by Bogus Cops

Alternatives to self-harm

Camera found on 34th Street bus… in 1980's(c)

Morris County Receives +$2.3 million to Replace Old Bloomfield Ave and Cozy Lake Rd Bridges