spam emails infographic design

PHPMailer Abuse to Send Spam Emails

Download the PDF

PHPMailer Abuse to Send Spam Emails

Spam ranks as a high threat vector for organizations. The PHPMailer library has been widely adopted in the criminal underground as a tool to send spam and monitor the health of spam campaigns. 

Access to PHPMailer libraries is offered for sale on multiple marketplaces like

What can you buy on

  • Stolen and hacked credentials
  • Hacked PHPMailer installations
  • Lists of email addresses

The size and scope of the marketplace

Distribution of PHPMailer installations from the US, Canada, and France:

  • US 88%
  • Canada 4%
  • France 8%

Number of PHPMailers put up for sale on a daily basis:

  • Canada 2 to 20
  • France 1 to 32
  • US 83 to 581 traffic sources:

  • Nigeria 29%
  • Morocco 23%
  • UK 13%
  • Taiwan 9.9%

Revenue distribution:

  • US 87%
  • France 9%
  • Canada 4%

PHPMailer pricing:

  • Price starts at $2
  • Maximum price for Canada and France is $20, and $30 for the United States
  • Average price around $7

Profile of Hacked PHPMailer Installations:

  • 59% did not send a test email to validate uptime
  • 7% run on live websites
  • For sale between 30 and 87 days on average
  • Age can exceed 450 days which questions the operational value

How should your organization respond?

  • Do not rely solely on the reputation of the SMTP server sending you emails
    Check in with your email filtering provider to better profile suspicious senders

Download the Full Research Report

research report cybersecurity olux spam
Comments are closed.