spam/SpamSummary-2007-06-09 written at 23:40:37; Add Comment
Weekly spam summary on June 9th, 2007
This week, we:
The volume is down compared to last week and probably down overall, although not by much. The count of different IP addresses is up a little bit, for what that's worth.
The per day breakdown shows the influence of 22.214.171.124 again; after the Sunday morning reboot that flushed the kernel block table it promptly started hitting us again. It is now in our permanent blocklist, so that won't happen again.
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 126.96.36.199 40939 2127K 188.8.131.52 24524 1274K 184.108.40.206/24 23960 1086K bellsouth.net 220.127.116.11/23 23875 1159K cox.net 18.104.22.168/24 14588 700K adelphia.net 22.214.171.124 13339 658K 126.96.36.199/24 8660 518K centrum.cz 188.8.131.52 7180 354K 184.108.40.206 4287 200K 220.127.116.11/24 3431 165K tin.it
The volume here is significantly up compared to last week, led by some extremely prolific sources.
Connection time rejection stats:
55161 total 28121 dynamic IP 20708 bad or no reverse DNS 4676 class bl-cbl 424 qsnews.net 230 class bl-pbl 188 class bl-dsbl 119 class bl-njabl 110 acceleratebiz.com 79 class bl-sbl 73 class bl-sdul
The highest source of SBL rejections this week was SBL53722 with 37 rejections. This is an April 19th listing for cavtel.net's outgoing webmail server, listed due to it being used for advance fee fraud spam.
Three of the top 30 most rejected IP addresses were rejected 100 times
or more this week; in the lead is 18.104.22.168 with 347 rejections,
blocked for bad reverse DNS and also listed in the CBL. Closely following
it is 22.214.171.124 with 343 rejections, which a qsnews.net machine.
Twelve of the top 30 are currently in the CBL, fifteen are currently in
(Locally, 17 were rejected for being dynamic IPs, 10 for having bad or missing reverse DNS, 2 for being qsnews.net, and 1 for being in the DSBL.)
This week, Hotmail had:
And the final numbers:
This is an improvement over last week, but only a marginal one.
The leading source of bad
Bad bounces were sent to 237 different bad usernames this week, with
the most popular by far being
Just like last week, the single largest point source of bad bounces was w3.org. Various other places, including ezweb.ne.jp, Verizon, and Earthlink threw in decent contributions. The remaining bad bounces came from all over.
* * *
Atom feeds are available; see the bottom of most pages.