- April 6, 2021: Forensics integrated into Findings.
⇤ Compromised Systems Findings
Spam Propagation is composed of compromised systems sending unsolicited commercial and/or bulk email.
If a company offers a bulk email sending service, such as a digital marketing company that sends marketing material on behalf of their customers, they are excluded from the Spam Propagation risk vector. These companies are identified with an envelope icon next to their name on their company overview.
View findings from the Findings page or the Bitsight API.
Learn how to track spambots.
To protect our data sources, destination mail server information or destination IP addresses are not provided. Use the source IP address and IP block ranges in your infrastructure as a compass to narrow your search for spambots. Spambot activity in the source IP address may not be the same IP address of your company mail servers.
Finding Details
*Availability varies based on the detection mechanism.
The details include the data in Findings, Compromised Systems details, and also the following information:
| Field | Description |
|---|---|
| Email From Address | The email address assigned in the “From” email header field of a spam email. |
| Email HELO string* | The domain of the Simple Mail Transfer Protocol (SMTP) client. |
| Email Sender | The email address of the original sender of a spam email. |
| Email Subject | The subject line of the spam email. |
| Observations | The number of times the spam propagation was observed in a 24-hour period, between midnight UTC one day and midnight UTC the next day. |
| Spam Relay IP | The IP address of the email relay used by the Send-Safe program to distribute spam. |
| Spam Type | The method (e.g., Snowshoe, which disguises the true number of sent messages) or tool used to send spam (e.g., the Darkmailer spamming service). |
| Detection Mechanism | The method used to detect the infection. |