We have noticed an increase in spam from sub-domains. The majority of the messages have been quarantined but I’m wondering if anyone else has noticed this anomaly. It’s only been within the past month or so. (For example: email@example.com) Any particular reason spammers are utilizing sub-domains? Thanks!
Normally, they do things like this to help boost their evasion. It is a constant game of cat and mouse where they will shift around to whatever they think is most effective and least likely to be blocked. It will change again soon as people react.
You can try lowering your detection threshold to 4.2 and see if that helps. We have several customers who have done so and it has helped with this type of spam.