Weekly spam summary on January 21st, 2005
I'm going to lead with the Hotmail spam numbers, because they continue to be catastrophic.
- two emails accepted, both from spamlike Hotmail usernames.
- 376 messages rejected because they came from non-Hotmail email addresses.
- 134 messages sent to our spamtraps.
- 17 messages refused because their sender addresses had already hit our spamtraps.
- 5 messages refused due to their origin IP address (four for being in the SBL and one for being sent from SAIX, which has an advance fee fraud spam problem).
Happily, the rest of the weekly numbers are much better.
This week we received 13,873 email messages from 213 different IP addresses. Our SMTP server handled 17,484 sessions from 933 different IP addresses. This is about the same volume as last week.
Connection volume is up a bit from last week: 143,447 connections from at least 50,890 different IP addresses. The simultaneous connections highwater was only 27, so burst volume is down from last week. Per day figures:
Overall this seems to have been a more even week than last week.
Kernel level packet filtering top ten:
| Host/Mask | Packets | Bytes |
|---|---|---|
| 220.127.116.11/12 | 5060 | 248K |
| 18.104.22.168 | 5013 | 301K |
| 22.214.171.124 | 4866 | 292K |
| 126.96.36.199/24 | 4527 | 218K |
| 188.8.131.52/10 | 3970 | 201K |
| 184.108.40.206 | 3389 | 194K |
| 220.127.116.11 | 3280 | 141K |
| 18.104.22.168 | 3263 | 157K |
| 22.214.171.124 | 2660 | 160K |
| 126.96.36.199/13 | 2576 | 126K |
This is a slow week for the kernel top ten, slow enough that quite a lot of large blocks make the list.
- 188.8.131.52 and 184.108.40.206 both return from last week.
- 220.127.116.11 is a centrum.cz machine; we haven't talked to them for ages. Another one in the same subnet made the list last week.
- 18.104.22.168 is a telefonica.net machine we have had blocked for ages as a source of bad
- 22.214.171.124 is an Adelphia IP address that looks dynamic to us, and is widely listed on any number of DNS blocklists.
Connection time rejection stats:
- 30429 total
- 16005 dynamic IP
- 9483 bad or no reverse DNS
- 2779 class bl-cbl
- 564 class bl-ordb
- 436 class bl-sbl
- 192 class bl-dsbl
- 181 class bl-spews
- 152 class bl-sdul
- 94 class bl-njabl
- 15 class bl-opm
No surprises and no particularly big single sources, although 126.96.36.199 tried hard (271 connections, blocked for being in APNIC without good reverse DNS). Only 8 of the top 30 IP sources were in the CBL this time around; three were on the SBL and 12 are currently listed in bl.spamcop.net.
| what | # this week | (distinct IPs) | # last week | (distinct IPs) |
These numbers have cratered since last week; they may be our lowest ever. A quarter of the bad HELO names came from a single IP address,