Major Spam Source McColo Knocked Offline
According to a Brian Krebs blog post, a major spam, child porn, fraud, and fake anti-virus hosting facility named McColo has been taken offline.
According to Brian, McColo (no, it is not owned by McDonald's and they did not offer McServers, although they definitely served McSpam :) ) was responsible for more than 75% of the spam email that was propagated to the internet on a daily basis.
Normally, I would be one of the first to refute such a claim as blowing the results out of proportion, but our own volume numbers today are showing a similar story (although 75% does appear to be a bit high based on our statistics):

This somewhat cryptic graph is a representation of our mail flow over the past 7 days (no, I won't give out the actual numbers). To help you understand what is being shown here, the higher peaks are weekday mail flow patterns and the lower peaks are weekends.
The significant dip on the far right is what we have seen today: a 50% reduction in typical Wednesday volume. The drop-off started at about 1pm MST on 11/11 and leveled off at around 3am today, which is where mail flow again started to increase. Mail flow typically starts its daily increase at 3am, but you can easily see that where we are today is nowhere near where we typically are for a weekday.
This represents the first time that we have seen immediate, significant, measurable reductions in spam volume as a result of a spammer arrest or registrar/colocation termination. It also appears that there were a significant number of Srizbi botnet command and control servers being hosted out of McColo, as we have similarly observed significant drops in traffic coming from that botnet today. We're continuing to monitor to see if this is merely a coincidence or if the two events are related. More to come as additional information becomes available.
Posted by smasiello at 11:30 AM