spam/SpamSummary-2005-11-26 written at 01:16:55; Add Comment
Weekly spam summary on November 26th, 2005
This week we received 20,583 email messages from 213 different IP addresses. Our SMTP server handled 21,213 sessions from 1,044 different IP addresses. This is a significant jump in incoming email compared to last week.
We saw a major jump in connections compared to last week: 238,300 connections from at least 32,400 different IP addresses. Broken down by day, it goes:
While Thursday is the day when we're slowest to add entries to the kernel level blocks, I don't think that's the sole explanation for the general habit of connection rates to spike then. (And they were already ramping up on Wednesday and slowly ramping down on Friday, too.)
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 126.96.36.199/24 8102 420K 188.8.131.52 4596 221K 184.108.40.206 2930 141K 220.127.116.11 2895 174K 18.104.22.168 2597 132K 22.214.171.124/28 2395 134K 126.96.36.199 2248 114K 188.8.131.52 2230 107K 184.108.40.206 2173 130K 220.127.116.11/10 2145 113K
The kernel level hits are way down even compared to last week, with only two really active sources by our usual standards.
This continues the trend of bad
Connection time rejection stats:
23767 total 14756 dynamic IP 5535 bad or no reverse DNS 2075 class bl-cbl 414 class bl-sbl 269 class bl-sdul 237 class bl-ordb 215 class bl-dsbl 52 class bl-spews 23 class bl-njabl 2 class bl-opm
Taking pride of place and explaining some of Thursday's numbers is 18.104.22.168, a bigpond.net.au cablemodem, which tried to connect to us 7,296 times before it gave up. (It may explain some of Wednesday's numbers too, as it started that evening.)
These numbers have dropped to amazingly low levels. I'm going to hold my breath that this keeps up. (Although some of the bounce reduction is from spammers and viruses starting to forge things like 'hostmaster' instead of random usernames.)
And finally, we have the usual depressing Hotmail numbers:
Ten email messages accepted from Hotmail is quite high, and it looks like a fair number of them were non-spam (and more than a few spam, unfortunately). Given the other numbers this looks less like Hotmail getting any sort of handle on their spam issue and more like some people starting to use Hotmail.
* * *
Atom feeds are available; see the bottom of most pages.