Weekly spam summary on November 19th, 2005
Once again, I'm leading with Hotmail's stats to highlight their spam problem:
- three email messages accepted.
- 320 messages refused because they came from non-Hotmail email addresses.
- 22 messages refused because their sender addresses had already hit our spamtraps.
- 21 messages refused due to their originating IP address (17 in the SBL, two in the CBL, one in the XBL, one because it's from Gilat-Satcom).
Gilat-Satcom is a serious problem here; it has quite a number of SBL listings for advance fee fraud spam sources (and many of them through Hotmail), yet nothing happens.
This week we received 12,759 email messages from 224 different IP addresses. Our SMTP server handled 20,329 sessions from 1,350 different IP addresses. Both of these numbers are about the same as last week.
Our connection volume is even lower than two weeks ago: 80,250 connections from at least 27,670 different IP addresses. This is probably a record low. This time around, the connection count by day numbers drop below 10,000 for Thursday onwards; I'm not going to bother with a table.
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 184.108.40.206/24 11402 595K 220.127.116.11/28 9758 546K 18.104.22.168 7319 439K 22.214.171.124/10 5449 272K 126.96.36.199 5020 264K 188.8.131.52 3922 235K 184.108.40.206 3452 166K 220.127.116.11 2458 147K 18.104.22.168 2302 110K 22.214.171.124 2270 136K
- 126.96.36.199 is an opentransfer.com machine; we don't talk to them due to too much spam.
- returning from previous listings are
188.8.131.52 (still tried to mail us
with origin addresses that had tripped our spamtraps),
184.108.40.206 (still a giga.net.tw
dynamic IP address), and
- 220.127.116.11 is in SBL34212.
- 18.104.22.168 was on the DSBL, but has been delisted during the week.
- 22.214.171.124 kept trying to mail us with an origin address that had tripped our spamtraps.
This has clearly been a really slow week for bad
Connection time rejection stats:
14635 total 7050 dynamic IP 4316 bad or no reverse DNS 1627 class bl-cbl 496 class bl-sbl 376 class bl-ordb 197 class bl-dsbl 153 class bl-sdul 135 class bl-spews 25 class bl-njabl 2 class bl-opm
No single IP address stands out in this week's statistics.
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
Bounces are significantly down from the already low numbers for last week. Perhaps spammers have finally given up on forging us as the origin address for their spams? (A weary postmaster can dream.)