Spam and the first letter of an email address

Richard Clayton, a security scientist at Cambridge, has presented a shot paper at CEAS 2008 entitled: "Do Zebras get more Spam than Aardvarks?". This interesting paper reports an analysis of a 550 million collection of email messages sent to (or through) the ISP Demon Internet. The main conclusion of the analysis is that the the first letter of the email address does matter, and that spammers are using dictionary attacks to guess email addresses. There is no evidence that spammers ar using the alphabetic letter order.

A good conclusion for ISPs is that they should take into account the real email addresses, and discard those email messages addressed to inexistent recipients.

Read the blog post.