Weekly spam summary on October 1st, 2005
This week we received 11,661 email messages from 245 different IP addresses. Our SMTP server handled 49,500 sessions from 5,900 different IP addresses. Email volume has held steady from last week, but session volume is down.
Overall connections are actually up from previous weeks: 251,000, from at least 41,000 different IP addresses. Our SMTP frontend hit 50 simultaneous pending connections early in the week, which is its maximum at the moment. Other statistics suggest that this time around, the changes are because spammers are trying to spam us.
Kernel level SMTP blocks:
Host/Mask Packets Bytes 126.96.36.199/24 10647 492K [*] 188.8.131.52 8784 411K 184.108.40.206 7860 388K 220.127.116.11 7582 354K [*] 18.104.22.168 7556 344K [*] 22.214.171.124/24 6075 325K [*] 126.96.36.199 5963 286K 188.8.131.52 5511 257K 184.108.40.206 5262 253K 220.127.116.11 4731 227K
The four marked entries reappeared from last week; the remainder are new.
- 18.104.22.168 is Tiscali UK's lead mail machine, and is on SPEWS.
- 22.214.171.124 is in what we consider to be twtelecom.net dynamic IP address space.
Everyone else got listed for sending us enough unresolvable
Connection-time rejection stats:
25588 total 13475 dynamic IP 6328 bad or no reverse DNS 2166 class bl-cbl 1691 class bl-spews 479 class bl-dsbl 404 class bl-sbl 233 class bl-ordb 107 class bl-sdul 63 class bl-njabl 4 class bl-opm
Nothing stands out in looking at detailed stats, which means that the big jump in CBL hits is probably from spammers trying to spam us.
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
Spammers are still actively forging our domains, just not quite as often as last week. Such is life for a domain where they've been forging us for literally years. (I sometimes wish the University would sue a few of them, but the lawyers probably have many better things to do.)