Botnets have become one of the most serious threats to the Internet. They are now the key platform for many Internet attacks, such as spam, distributed denial-of-service(DDoS), and we call these attacks “the second character of bots”. In this paper, we focus on characterizing spamming botnets by leveraging both spam payload and spam nodes traffic properties. Measurement of botnets is an important and challenging work. However, most existing approaches work only on specific botnet command and control (c&c) protocols (e.g., IRC) and structures (e.g., centralized). In this paper, we present two measurement frameworks (MFNL and MFAL) that based on the second character of bots to measure the size of the botnet. We have easily implemented our prototype system and evaluated it using many real network traces, and we also compare these two approaches from several points.