Spam Propagation Risk Vector: Core Overview

The Spam Propagation risk vector is composed of spambots, where a device on a company’s network is unsolicitedly sending commercial or bulk email (spam). If spam originates from email addresses or devices within a company’s network, this is an indication of an infection.

If a company offers a bulk email-sending service, such as a digital marketing company that sends marketing material on behalf of their customers, they are excluded from this risk vector. These companies are identified with a “Bulk Email Sender” label on their company overview page.

The Spam Propagation risk vector is part of the Compromised Systems risk category. Understanding how this affects your rating is key to prioritizing your remediation:

• Weighting: This vector is weighted evenly with other Compromised Systems risk vectors, which account for 27% of your Bitsight Security Rating.
• Lifetime: Findings remain active for 180 days from the last observed date.
• Point Recovery: As a finding ages without a new observation, its negative impact on your score gradually decreases.
• Rescan Policy: Because these findings rely on external observation data, user-requested rescans are not available. The finding will automatically update when our sensors no longer detect the activity.

How Bitsight observes Spam Propagation activity

Spam activity is observed using the following methods. Please click the link of the resources for more information.

• Email Header Analysis
• Honeypots
• Mail Server Connection Analysis
• Sinkholes
• Spam Traps

What criteria is considered when classifying observations as Spam Propagation events?

Spambots are identified based on known patterns contained in the email headers that are common across malware families, such as the subject field, the “Received From” field, email addresses, and various IDs.

Example: one type of observed spam mechanisms are spambots. Spambots are used for simultaneously sending bulk email messages from multiple devices.