Computer viruses and malicious software (collectively hereinafter “malware”) are proliferating via the Internet. Malware can be used to establish controlled networks of infected computers (“bot-net” or “bot-network”) for the automation of distribution of unsolicited electronic mail (i.e., “spam”). Spam that is sent from a bot-network can be difficult to detect and/or prevent for a variety of reasons. Typically, computers that are part of a bot-network are associated with a short-lived IP address (e.g., a dynamic address) that does not generate enough network traffic to establish a “reputation.” Additionally, such bot-network controlled computers transmit low volumes of spam for short periods of time so as to remain inconspicuous. Thus, conventional spam detection methods, such as address-based (e.g., blacklisting) and volume-based filtering, are ineffective for spam bot detection.