Trends Spam bot behavior suddenly changes By Ken Simpson | 1 minute read One of the things that we keep track of with Traffic Control is the percentage of SMTP connections which end without the sender issuing a QUIT command as required by RFC 5321. Because the QUIT command is required by the RFC, it’s possible to reject and prevent delivery of messages from senders who violate this requirement. The impact on legitimate senders is extremely low, because all known legitimate MTAs properly issue a QUIT. For a very long time, the percentage of connections that did not issue QUIT hovered around 0.25%. But for some reason, in the past day this figure has shot up. The graph below details this development: The data is the same whether we look at individual customer sites, at inbound-only traffic, or at outbound traffic emanating from large ISP sites where we have installed Traffic Control for transparent outbound spam filtering. Any ideas as to why this is happening? Anyone else seeing this trend?