2013-06-18 20:30:45 UTC
I used 64,000 spam messages sent between 27 April and 13 May 2013.
They were sent through 20 spam filters in parallel and real-time.
I defined a 'web host' as an IP address that was listening on port 80 around the time the email was sent.
About 30% of the spam in this corpus was sent from web hosts.
Web host spam bypasses a filter with a probability of 1.04%.
Other spam does so with a probability of 0.29%.
That's a significant difference. (Note that the spam I use tends to be easy to filter. Relatively little snowshoe spam and dodgy ESPs.)
There's the usual correlation versus causation disclaimer. It could well be that those spammers who use web hosts (most of which I assume to be compromised, but I didn't look into this) for sending spam are better at sending spam.
A bit of context here http://www.virusbtn.com/blog/2013/06_17.xml
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
This is the asrg mailing list. To change your subscription settings, see