McColo and SPAM

Raymond Corbin rcorbin at
Fri Dec 5 21:30:38 UTC 2008

I thought it was mostly control servers....I doubt any 'botnet master'
would hardcode an IP address of a server without some sort of backup
using some domains that they can always change the DNS on. They update
that and the bots will then start connecting to the new 'control
servers' and thus spam would come from them. Also did the spam really
'stop' or were they just not able to now get updates from their control
servers...those infected I imagine are still sending the spam....


-----Original Message-----
From: Mike Walter [mailto:mwalter at] 
Sent: Friday, December 05, 2008 4:03 PM
To: Revolver Onslaught; nanog
Subject: RE: McColo and SPAM

We have not seen any decrease.  In the last 24 hours we have seen 3.5
million messages blocked.


-----Original Message-----
From: Revolver Onslaught [mailto:revolver.onslaught at] 
Sent: Friday, December 05, 2008 2:14 PM
To: nanog
Subject: McColo and SPAM


Since McColo closed, we noticed the spam was far more intensive than

However, it seems the amount of spam is similar than than before.

Do you feel the same ?

Many thanks,

More information about the NANOG mailing list