Wandering Thoughts archives


Weekly spam summary on November 19th, 2005

Once again, I'm leading with Hotmail's stats to highlight their spam problem:

  • three email messages accepted.
  • 320 messages refused because they came from non-Hotmail email addresses.
  • 22 messages refused because their sender addresses had already hit our spamtraps.
  • 21 messages refused due to their originating IP address (17 in the SBL, two in the CBL, one in the XBL, one because it's from Gilat-Satcom).

Gilat-Satcom is a serious problem here; it has quite a number of SBL listings for advance fee fraud spam sources (and many of them through Hotmail), yet nothing happens.

This week we received 12,759 email messages from 224 different IP addresses. Our SMTP server handled 20,329 sessions from 1,350 different IP addresses. Both of these numbers are about the same as last week.

Our connection volume is even lower than two weeks ago: 80,250 connections from at least 27,670 different IP addresses. This is probably a record low. This time around, the connection count by day numbers drop below 10,000 for Thursday onwards; I'm not going to bother with a table.

Kernel level packet filtering top ten:

Host/Mask           Packets   Bytes      11402    595K        9758    546K              7319    439K          5449    272K         5020    264K           3922    235K          3452    166K         2458    147K           2302    110K            2270    136K
  • is an opentransfer.com machine; we don't talk to them due to too much spam.
  • returning from previous listings are (still tried to mail us with origin addresses that had tripped our spamtraps), (still a giga.net.tw dynamic IP address), and (bad HELO).
  • is in SBL34212.
  • was on the DSBL, but has been delisted during the week.
  • kept trying to mail us with an origin address that had tripped our spamtraps.

This has clearly been a really slow week for bad HELO names.

Connection time rejection stats:

  14635 total
   7050 dynamic IP
   4316 bad or no reverse DNS
   1627 class bl-cbl
    496 class bl-sbl
    376 class bl-ordb
    197 class bl-dsbl
    153 class bl-sdul
    135 class bl-spews
     25 class bl-njabl
      2 class bl-opm

No single IP address stands out in this week's statistics.

Other stats:

what # this week (distinct IPs) # last week (distinct IPs)
Bad HELOs 3011 166 3613 165
Bad bounces 387 265 774 570

Bounces are significantly down from the already low numbers for last week. Perhaps spammers have finally given up on forging us as the origin address for their spams? (A weary postmaster can dream.)

spam/SpamSummary-2005-11-19 written at 01:59:30; Add Comment

Page tools: See As Normal.
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.