Weekly spam summary on February 11th, 2006
Hotmail has been startlingly quiet this week. The numbers:
- One message accepted.
- 24 messages rejected because they came from non-Hotmail email addresses.
- 68 messages sent to our spamtraps.
- 23 messages refused because their sender addresses had already hit our spamtraps.
- 10 messages refused due to their origin IP address (two in the SBL, one in the CBL, and then the rest from an assortment of places we pretty much don't talk to any more).
The basic stats:
- got 14,062 messages from 224 different IP addresses.
- handled 27,174 sessions from 1,771 different IP addresses.
- received 161,000 connections from at least 53,153 different IP addresses.
- a highwater of 16 connections being checked at once.
The session and connection volume is up from last week. Connection volume fluctuates significantly during the week:
(Unfortunately, Thursday's numbers may be because of something I did that day. It seems I really should automate more things.)
Kernel level packet filtering top ten:
    Host/Mask              Packets   Bytes
    220.127.116.11/24         5455    276K
    18.104.22.168/10          5218    272K
    22.214.171.124/11         2820    142K
    126.96.36.199             2692    133K
    188.8.131.52              2561    120K
    184.108.40.206/11         2396    121K
    220.127.116.11/12         2133    109K
    18.104.22.168/13          2000    100K
    22.214.171.124            1948   91074
    126.96.36.199             1906   89108
This week is even quieter than last week, and a lot more Chinese netblocks made the list (although tin.it earned top place). Of the rest:
- 188.8.131.52 and 184.108.40.206 reappear from last week.
- 220.127.116.11 kept trying to feed us an unresolvable
- 18.104.22.168 is a cox.net cablemodem customer with a 'dialup' reverse DNS.
Connection time rejection stats:
    31235 total
    15286 dynamic IP
    10452 bad or no reverse DNS
     3413 class bl-cbl
      403 class bl-sbl
      335 class bl-dsbl
      331 class bl-spews
      114 class bl-sdul
       51 class bl-ordb
       37 class bl-njabl
       11 class bl-opm
This was a big week for hammering on the frontend; 22 IP addresses were refused 100 times or more, with the winner being 22.214.171.124 at 364 connections refused for having no reverse DNS. This week marks a record, with none of the top 30 refused IPs being in the CBL; three are in the SBL (126.96.36.199 and 188.8.131.52 in SBL37385, and 184.108.40.206 in SBL34872).
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
Oh look; massively up compared to the past couple of weeks. I guess spammers are forging us as the MAIL FROM again. 34 different IP addresses tried bad HELOs a hundred times or more; the really big ones are 220.127.116.11 (367 times), 18.104.22.168 (269 times), and 22.214.171.124 (237 times).