There has been discussion on various forums about the disconnection of McColo, and spam volumes. At work spam attempts have increased, but we are a small sample, and others have a better position to judge.

If you know of online metrics of spam volumes like the graphs linked to below please post a them in a comment!

• This week at spamcop.net
• This month at the Distributed Checksum Clearing house

Initial reports claimed a 75% reduction in spam levels as a step change around 16:00 EST on Tuesday.

The variable experience of Internet spam by different mail servers always hinted that there are a relatively small number of people behind a lot of the spam.

The data from SpamCop and DCC are consistent with each other, suggesting they have enough data to be representative. The results are not a 75% reduction, but still something clearly caused major disruption to the world's spam supply on Tuesday afternoon.

Botnet researchers had said previously that many botnets were fed fairly directly from hosted servers, and the bots were just amplifying proxy servers, and a small number of companies were involved in hosting the back-end servers feeding these bots. They seem to have been right.

Reasonable questions include why did it take so long? Is there any law enforcement action going on in the background?

The compromised PCs, and the vulnerabilities that allowed them to be compromised are still out there. More secure botnets will fill the vacuum. This is an opportunity for those fighting spam to step back, and plan their next steps, and lobby for more enforcement action against online criminals. Not that I think enforcement is the answer, but my email inbox is the only place I'm daily approached by criminals.

Background reading:

• Washington Post story by Brian Krebb
• A Closer look at McColo