Independent research on internet spam, phishing, abuse, and malware. Our reports are published weekly and include original data analysis, trend identification, and actionable intelligence drawn from the vspam.org scored threat dataset and operator reporting pipeline.
All publications are released under CC BY 4.0. Citation format: vspam.org Research Team. (2026). [Title]. vspam.org, [Report No.].
April 2026 monthly research brief covering the email, identity, and DNS threat landscape, with a focus on the operationalization of generative AI across the attack chain. The report synthesizes cross-cutting AI-driven trends across phishing, malware, ransomware, email authentication and spoofing, DNS abuse, and major incidents.
Key Findings▸▾
01.Generative AI is now operationalized across the email-borne attack chain, affecting phishing, spoofing, malware, ransomware, and DNS abuse workflows
02.KnowBe4's seventh Phishing Threat Trends report found roughly 82.6% of phishing emails use signatures consistent with AI generation
03.Cisco Talos placed phishing back as the leading initial-access vector for the first time in three quarters
04.EasyDMARC reported global DMARC adoption at 52.1%, with only 11.1% at full enforcement
05.The FBI IC3 2025 Annual Report recorded $20.88B in reported losses, up 26% year over year
Comprehensive research analysis covering phishing website trends, spam domain registration patterns, and IP address abuse across 2025–2026. This report examines the evolving threat landscape, infrastructure abuse patterns, and provides actionable threat intelligence for mail operators and security teams.
A controlled study measuring the effectiveness of the vspam.org DNSBL feed across 2,400 participating mail servers over 60 days. We analyze false positive rates, detection latency, and the impact of trust-tier weighted voting on blocklist accuracy.
Key Findings▸▾
01.DNSBL feed blocked 94.7% of phishing emails within 2 hours of community confirmation
02.False positive rate measured at 0.003% across 2,400 participating mail servers
03.Trust-tier weighted voting reduced false confirmations by 67% compared to simple majority voting
Comprehensive analysis of abuse notification response times across 180+ hosting providers. We measure time-to-acknowledgment, time-to-takedown, and identify which provider characteristics correlate with faster response to phishing abuse reports.
Cross-referencing vspam.org confirmed IOCs against PhishTank, OpenPhish, URLhaus, and APWG feeds to measure unique coverage and identify blind spots in the collective phishing intelligence ecosystem.
Key Findings▸▾
01.vspam.org contributed 18.3% unique IOCs not found in any other analyzed public feed
02.Combined coverage of all 5 feeds reached 89% of known active phishing URLs (sampled via honeypots)
03.Email-based phishing IOCs had the lowest cross-feed overlap (34%), indicating significant blind spots
04.Average lag between first appearance in any feed and propagation to all feeds: 6.8 hours
05.Domain-based IOCs showed highest correlation (72% overlap) across all analyzed feeds
Weekly summary of notable phishing campaigns, newly observed tactics, and community reporting trends. This week features a spike in QR-code phishing targeting corporate Microsoft 365 accounts and a new phishing kit distributed via Telegram channels.
Reports are published weekly. Data is sourced from the vspam.org scored threat dataset and review workflow. For questions about methodology or data access, contact research@vspam.org.