spam/SpamSummary-2006-07-08 written at 02:37:13; Add Comment
Weekly spam summary on July 8th, 2006
This week, we:
This is about the same as last week, allowing for random variation. The per day table is mostly but not entirely flat, so I'm going to include it:
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 18.104.22.168/11 9919 485K 22.214.171.124/10 7007 367K 126.96.36.199 6328 329K 188.8.131.52 5037 235K 184.108.40.206 4932 237K 220.127.116.11 4189 201K 18.104.22.168 4155 201K 22.214.171.124/24 4030 203K 126.96.36.199 3774 181K 188.8.131.52/11 3680 182K
Volume is down from last week, only partly because the two big point sources went away, and this week the top two spots are claimed by Chinese netblocks instead of individual IP addresses.
Connection time rejection stats:
55159 total 29576 dynamic IP 21628 bad or no reverse DNS 2631 class bl-cbl 230 class bl-njabl 154 class bl-sdul 135 class bl-spews 124 class bl-sbl 87 class bl-dsbl 10 class bl-ordb
This is a striking jump up from last week for only a relatively moderate increase in overall connection volume. I suspect that spammers may be having their zombies get more persistent to overcome greylisting; oh well, very little lasts forever in the antispam world.
All 30 of the 30 most rejected IP addresses were rejected more than a
hundred times; the champion is 184.108.40.206, with 1247 rejections,
and with this latest episode it's now earned a permanent place in our
kernel IP filters. 27 of the 30 are currently in the CBL, and six are
Hotmail had a so-so week, and I've discovered that some of my past stats around the start of each month may have been inaccurate. This week's numbers:
That's a lot of mail to our spamtraps, and I'm not too happy about it. Hotmail may be stopping spammers relatively fast, but it's clearly letting them send some spam to start with.
And the closing numbers:
Both of these are up significantly from last week, and I suspect
that it's the same root cause: spammers are forging us on their spam
more actively. There is no single source of bad
This week sees a new 38-character hex digit appear in the bad bounces,
* * *
Atom feeds are available; see the bottom of most pages.