What is hit-and-run spam?

Hit-and-run spam sends massive volume briefly before abandoning infrastructure. Attackers burn through domains and IPs quickly, sending at full speed for hours or days before detection and blocklisting catches up.

Economics favor this approach: cheap domain registration means infrastructure is disposable. Speed matters more than sustainability. By the time reputation is destroyed, attackers have moved to fresh resources.

Defense challenges: traditional reputation systems lag behind hit-and-run speed. Real-time content analysis and coordinated intelligence sharing improve response time. Detecting infrastructure patterns (registrant info, nameservers) helps predict new sources.