How many places actually send us email?
A few weeks ago I discovered that only 220 different IP addresses sent us actual email over the course of a week. This naturally raises the question: was this just a slow week, or is this typical? The answer turns out to be 'maybe'.
On the system I usually run my stats on, I only have logs going back about 28 days; looking at the entire time period, there was email from 443 different IP addresses. Not surprisingly, the distribution of how much email comes from where is very uneven, with almost all of the email we get coming from a few mailing list hosts and the campus-wide email system.
On another system I have logs going back almost a year. Over that time, we got email from only 1,427 different IP addresses (only 95,000 email messages, though). On this system, the big source of email turns out to be Yahoo's webmail, and again things have a very sharp dropoff.
While this has practical uses for our specific situation, the more I think about it the less I think it really generalizes very well. Most of the people here use the central campus-wide email system and at most have their email forwarded from there to our systems; only relatively few are still using our systems as their primary email system.
The usual quick rejection stats for 2005-07-16
IP level rejections:
Host/Mask            Packets   Bytes
184.108.40.206          8932    429K
220.127.116.11/24       8005    418K
18.104.22.168/10        3540    177K
22.214.171.124          3430    165K
126.96.36.199/11        3107    155K
188.8.131.52/12         2773    136K
184.108.40.206          2608    139K
220.127.116.11          2422    116K
18.104.22.168           2340    112K
22.214.171.124          2303    138K
126.96.36.199           2291    110K
188.8.131.52            2253    115K
184.108.40.206/11       2228    109K
220.127.116.11          2177    111K
18.104.22.168/11        2048   99228
22.214.171.124          1790   85920
126.96.36.199/13        1758   85524
188.8.131.52            1696   86256
184.108.40.206          1525   73200
There's a number of the usual suspects reappearing again, unfortunately, including the mysterious 220.127.116.11 that keeps hammering on us (a Google search suggests that it may be virus-infested).
33011 total
 2249 class bl-cbl
 1355 class bl-dsbl
 1034 class bl-ordb
  292 class bl-spews
  260 class bl-njabl
  176 class bl-sbl
  147 class bl-sdul
   28 class bl-opm
The DNS blocklists seem to have significantly shuffled themselves around; SPEWS is way down, list.dsbl.org and relays.ordb.org are way up. Looking at rejection sources for each, there seems to be no sign of anything in particular being wrong or badly listed, although there's a number of really persistent would-be sending machines.
Also, it may be that spammers are finally stopping forging our domain names on their spam, as the numbers of bounces to bogus users and bad HELOs that we got this week are well down from their levels last week. (And last week was a normal week for this sort of stuff.)
|Last week||This week|
That would be nice if it's true and holds up; I am really, really tired of spam backscatter.