Wandering Thoughts archives

2006-02-26

Weekly spam summary on February 25th, 2006

Here's how Hotmail stacks up this week:

  • 4 messages accepted; unfortunately, one of them was definitely spam and at least two more probably were.
  • 21 messages rejected because they came from non-Hotmail email addresses.
  • 49 messages sent to our spamtraps.
  • 4 messages refused because their sender addresses had already hit our spamtraps.
  • 6 messages refused due to their origin IP address, all for being in the SBL; four from SBL17935, one from SBL27471, and one from SBL33955.

Pretty much everything is down compared to last week. Amazingly, Hotmail may actually be dealing with their whole spam problem.

Next, the basic stats:

  • got 14,001 messages from 235 different IP addresses.
  • handled 19,476 sessions from 968 different IP addresses.
  • received 132,936 connections from at least 46,917 different IP addresses.
  • a highwater of only 6 connections being checked at once.

In short, things are down from last week. The per-day stats are basically flat at ~18,000 connections a day, but jump to ~22,000 on Sunday and Friday.

Kernel level packet filtering top ten:

Host/Mask           Packets   Bytes
203.123.36.140         7213    433K
212.216.176.0/24       4791    242K
80.190.233.48          3743    225K
61.128.0.0/10          3206    166K
194.5.37.253           2994    170K
68.107.219.194         2181    105K
205.206.209.28         2174    100K
219.128.0.0/12         2015    103K
220.160.0.0/11         1916   98292
69.239.229.58          1654   84104

While the most active contestant is higher, overall I'd have to say that this is quieter than last week. All of the top individual IP addresses are new.

  • 203.123.36.140 and 80.190.233.48 don't have IP to name information.
  • 68.107.219.194 and 69.239.229.58 smelled like DSL or cablemodem dynamic IP addresses to us.
  • 194.5.37.253 tripped our spamtraps and then kept trying to send us tainted stuff, and is currently listed in bl.spamcop.net and in SORBS's spam zone for hitting their spamtraps.
  • 205.206.209.28 is, whoops, a telus.com mail server that HELO'd with a bogus name a lot. Apparently it's running Microsoft Exchange. We may have to exempt it from the bad HELO name checks.

Connection time rejection stats:

  28453 total
  13771 dynamic IP
  10160 bad or no reverse DNS
   3066 class bl-cbl
    325 class bl-ordb
    285 class bl-sbl
    222 class bl-spews
    120 class bl-sdul
    117 class bl-njabl
     86 class bl-dsbl
      4 class bl-opm

Bad reverse DNS is up this week compared to last week, but that's about it. For individual IPs, things are even more evenly distributed this week, with only one IP address being refused more than 100 times (202.175.50.201, 177 times). Eight of the top 30 most refused IPs are currently in the CBL and three are currently in bl.spamcop.net; repeating last week, none are in the SBL.

And the final numbers:

what          # this week  (distinct IPs)  # last week  (distinct IPs)
Bad HELOs            1736             123         6167             364
Bad bounces           249             122         1994            1031

These numbers aren't yet down to the old low numbers, but at least they're dropping from last week's levels. There are no really 'outstanding' sources; only one IP address tried a bad HELO more than a hundred times, for example.

spam/SpamSummary-2006-02-25 written at 03:27:09

The hassle of email (as compared to RSS)

In my recent 'give me RSS feeds' entry I wrote in passing '[...] these days email is just too much of a hassle'. Which it is. Let me illustrate how.

To subscribe to new mailing lists these days I need to:

  1. figure out how to subscribe
  2. make up a new email address to give the list
  3. go through a multi-stage subscription dance
  4. make sure our antispam filters won't eat the list messages
  5. adjust my filters to put the messages somewhere distinct
  6. remember to check and read wherever I dumped it

In short, a hassle. Add bonus hassle if I ever want to unsubscribe from the list; often it's simpler to just kill the address. (Sometimes it's the only way out.)

A lot of this is due to spam. Some of it is due to vendor abuses of trust (leading to spam). Some of it is just because I no longer have any interest in sorting my inbox by hand; the volume is too high and my time is too short.

(Is it any wonder that reading mailing lists via newsgroups, especially newsgroups that someone else runs, is popular?)

Compare this to RSS:

  • feed readers are good at showing me just updated feeds.
  • feeds come pre-sorted from each other.
  • subscribing to an RSS feed is easy.
  • unsubscribing from an RSS feed is equally easy.
  • I don't have to give you any information to subscribe.

It's sad to offhandedly write things like 'email is just too much of a hassle', and then realize that I mean it. It shouldn't be like this; it didn't use to be like this. But it is like this now. Sic transit gloria mundi.

tech/EmailHassle written at 00:49:37

