spam/SpamSummary-2006-09-02 written at 23:40:34; Add Comment
Weekly spam summary on September 2nd, 2006
Our SMTP frontend survived all this week without problems, which was something of an accomplishment this week. Because this week, we:
Yes, that is not a typo; this week we had a lot of SMTP connections, although none of the other numbers are up much compared to last week. It's not a continuation of the spam storm from last Saturday either, as the per-day numbers show:
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 188.8.131.52 10704 557K 184.108.40.206 4490 216K 220.127.116.11/10 3609 190K 18.104.22.168/11 2976 145K 22.214.171.124 2405 144K 126.96.36.199/24 2367 119K 188.8.131.52/12 2330 116K 184.108.40.206/13 2226 107K 220.127.116.11 2215 106K 18.104.22.168 2114 127K
The overall volume is down from last week, with only one entry really sticking out.
Connection time rejection stats:
38665 total 18228 dynamic IP 15060 bad or no reverse DNS 2176 class bl-cbl 1381 class bl-sbl 547 class bl-dsbl 280 class bl-njabl 251 class bl-sdul 159 class bl-spews 84 class bl-ordb
Oddly, despite the huge connection volume there is no real growth in these stats compared to last week. I don't have any explanation for this.
Six of the top 30 most rejected IP addresses were rejected 100 times
or more, with the leader being 22.214.171.124 (197 times, rejected for
having no reverse DNS). 15 of the top 30 are currently in the CBL,
six are currently in
Somewhat to my surprise only one of those two is our non-friends at Cutting Edge Media (this week reporting in from 126.96.36.199). The other is 188.8.131.52, which is part of SBL21128, which is a /23 listing that is (to quote the listing) '419 scam sources in Senegal'. For extra displeasure, this listing was created November 14th, 2004.
Hotmail's stats this week are an improvement over last week:
And the final numbers:
There were four people who sent 100 or more bad
The most popular bad username to send stuff to continues to be
* * *
Atom feeds are available; see the bottom of most pages.