McColo hosted the so-called command-and-control servers for botnets that are used to instruct PCs to send spam. The botnets included Rustock, Srizbi, Pushdo/Cutwail, Mega-D and Gheg.
"At the current rates, we'll be back at those pre-McColo takedown levels probably within the next three to five weeks," said Adam Swidler, senior product marketing manager for Google Message Security, also known as Postini.
McColo's takedown for the most part killed off the Srizbi botnet, which was blamed for sending a large proportion of the world's spam. But other botnets - which are essentially legions of hacked computers configured to send spam - are picking up the slack.
Mega-D, also known as Ozdok, is comprised of at least 660,000 PCs, according to MessageLabs, an email security firm now owned by Symantec. On average, PCs infected with Mega-D send out an astounding 589,402 messages per day, or around 409 per minute. All told, Mega-D is sending out 38 billion messages per day.
According to MessageLabs' latest figures, 74.6 percent of all email was spam this month, a 4.9 percent increase over December. Percentages of spam can vary by vendor depending on the pool of PCs using their services, which are used to collect statistics on spam.
"We've seen a steady increase over the last two months," said Paul Wood, a MessageLabs Intelligence analyst.
MessageLabs saw spam drop to around 58 percent of all email when McColo went down, but rising to around 69 percent in December, Wood said.
Spammers are also changing their tactics to ensure their messages are not blocked, said Richard Cox, CIO for the antispam organisation Spamhaus.
When a computer is infected with code used to send spam, it sets up a mail server on the PC, which proceeds to pump out spam directly onto the internet. But if that computer is noticed sending spam, it is added to a block list of end-user IP address ranges that shouldn't be sending unauthenticated mail.
As an alternative, spammers are using programs that detect a person's ISP and then route the mail through that ISP, which avoids it getting block when it is checked against the list, Cox said. The spam could be blocked, however, through other detection methods and analysis at a later point.
ISPs are "not really set up for" stopping that kind of abuse as of yet, Cox said. Further, many ISPs do not have security staff available constantly to act quickly when abuse is reported, he said.
Spamhaus is in the process of tracking which ISPs are hosting the command-and-control servers for some of the current flagrant botnets. Cox said he could not release more information.
See also: Google comes third on Top 10 spam list