Independent research on internet spam, phishing, abuse, and malware. Our reports are published weekly and include original data analysis, trend identification, and actionable intelligence drawn from the vspam.org community-verified threat database.
All publications are released under CC BY 4.0. Citation format: vspam.org Research Team. (2026). [Title]. vspam.org, [Report No.].
Comprehensive research analysis covering phishing website trends, spam domain registration patterns, and IP address abuse across 2025–2026. This report examines the evolving threat landscape, infrastructure abuse patterns, and provides actionable threat intelligence for mail operators and security teams.
A controlled study measuring the effectiveness of the vspam.org DNSBL feed across 2,400 participating mail servers over 60 days. We analyze false positive rates, detection latency, and the impact of trust-tier weighted voting on blocklist accuracy.
Key Findings▸▾
01.DNSBL feed blocked 94.7% of phishing emails within 2 hours of community confirmation
02.False positive rate measured at 0.003% across 2,400 participating mail servers
03.Trust-tier weighted voting reduced false confirmations by 67% compared to simple majority voting
Comprehensive analysis of abuse notification response times across 180+ hosting providers. We measure time-to-acknowledgment, time-to-takedown, and identify which provider characteristics correlate with faster response to phishing abuse reports.
Cross-referencing vspam.org confirmed IOCs against PhishTank, OpenPhish, URLhaus, and APWG feeds to measure unique coverage and identify blind spots in the collective phishing intelligence ecosystem.
Key Findings▸▾
01.vspam.org contributed 18.3% unique IOCs not found in any other analyzed public feed
02.Combined coverage of all 5 feeds reached 89% of known active phishing URLs (sampled via honeypots)
03.Email-based phishing IOCs had the lowest cross-feed overlap (34%), indicating significant blind spots
04.Average lag between first appearance in any feed and propagation to all feeds: 6.8 hours
05.Domain-based IOCs showed highest correlation (72% overlap) across all analyzed feeds
Weekly summary of notable phishing campaigns, newly observed tactics, and community reporting trends. This week features a spike in QR-code phishing targeting corporate Microsoft 365 accounts and a new phishing kit distributed via Telegram channels.
Reports are published weekly. Data is sourced from the vspam.org community-verified threat database. For questions about methodology or data access, contact research@vspam.org.