How many places actually send us email?
A few weeks ago I discovered that only 220 different IP addresses sent us actual email over the course of a week. This naturally raises the question: was this just a slow week, or is this typical? The answer turns out to be 'maybe'.
On the system I usually run my stats on, I only have logs going back about 28 days; looking at the entire time period, there was email from 443 different IP addresses. Not surprisingly, the distribution of how much email comes from where is very uneven, with almost all of the email we get coming from a few mailing list hosts and the campus-wide email system.
On another system I have logs going back almost a year. Over that time, we got email from only 1,427 different IP addresses (only 95,000 email messages, though). On this system, the big source of email turns out to be Yahoo's webmail, and again things have a very sharp dropoff.
While this has practical uses for our specific situation, the more I think about it the less I think it really generalizes very well. Most of the people here use the central campus-wide email system and at most have their email forwarded from there to our systems; only a relatively few are still using our systems as their primary email system.
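One way to produce numbers like these, as an added example that is not the author's own tooling: count distinct source IPs over accepted messages only, then report how few sources account for most of the mail. The log line format, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample log. The "<date> accepted|rejected from=<ip>" format is an
# assumption for this example, not the format of any particular MTA.
SAMPLE_LOG = "\n".join(
    ["2005-07-10 accepted from=192.0.2.10"] * 6       # e.g. a mailing list host
    + ["2005-07-11 accepted from=198.51.100.7"] * 3
    + ["2005-07-11 rejected from=203.0.113.9"] * 2    # never delivered anything
    + ["2005-07-12 accepted from=203.0.113.5",
       "2005-07-12 rejected from=192.0.2.44",
       "2005-07-12 accepted from=192.0.2.44",
       "2005-07-12 accepted from=not-an-ip"]          # malformed, skipped
)

LINE_RE = re.compile(r"^\S+ (accepted|rejected) from=(\S+)")

def accepted_by_source(log_text):
    """Count delivered messages per source IP, ignoring rejected attempts."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(1) != "accepted":
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(2)))] += 1
        except ValueError:
            continue  # not a valid IPv4/IPv6 address
    return counts

def sources_covering(counts, share):
    """Smallest number of top sources that together sent >= share of the mail."""
    total = sum(counts.values())
    running = 0
    for n, (_, c) in enumerate(counts.most_common(), start=1):
        running += c
        if running >= share * total:
            return n
    return 0

def summarize(log_text, share=0.9):
    counts = accepted_by_source(log_text)
    return {"distinct_sources": len(counts),
            "messages": sum(counts.values()),
            "top": counts.most_common(3),
            "sources_for_share": sources_covering(counts, share)}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
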
The usual quick rejection stats for 2005-07-16
IP level rejections:
| Host/Mask | Packets | Bytes |
| 81.201.5.5 | 8932 | 429K |
| 212.216.176.0/24 | 8005 | 418K |
| 61.128.0.0/10 | 3540 | 177K |
| 216.7.201.43 | 3430 | 165K |
| 220.160.0.0/11 | 3107 | 155K |
| 219.128.0.0/12 | 2773 | 136K |
| 212.80.76.44 | 2608 | 139K |
| 24.156.64.52 | 2422 | 116K |
| 65.214.61.100 | 2340 | 112K |
| 65.109.239.171 | 2303 | 138K |
| 66.176.226.248 | 2291 | 110K |
| 83.103.30.214 | 2253 | 115K |
| 218.0.0.0/11 | 2228 | 109K |
| 68.122.156.130 | 2177 | 111K |
| 222.32.0.0/11 | 2048 | 99228 |
| 12.31.56.73 | 1790 | 85920 |
| 221.216.0.0/13 | 1758 | 85524 |
| 83.103.57.17 | 1696 | 86256 |
| 216.138.221.42 | 1525 | 73200 |
There's a number of the usual suspects reappearing again, unfortunately, including the mysterious 24.156.64.52 that keeps hammering on us (a Google search suggests that it may be virus-infested).
Connection-time rejections:
33011 total
2249 class bl-cbl
1355 class bl-dsbl
1034 class bl-ordb
292 class bl-spews
260 class bl-njabl
176 class bl-sbl
147 class bl-sdul
28 class bl-opm
The DNS blocklists seem to have significantly shuffled themselves around; SPEWS is way down, list.dsbl.org and relays.ordb.org are way up. Looking at rejection sources for each, there seems to be no sign of anything in particular being wrong or badly listed, although there's a number of really persistent would-be sending machines.
Also, it may be that spammers are finally stopping forging our domain names on their spam, as the numbers of bounces to bogus users and bad HELOs that we got this week are well down from their levels last week. (And last week was a normal week for this sort of stuff.)
| | Last week | This week |
| bounce sessions | 613 | 105 |
| bad HELOs | 2585 | 565 |
That would be nice if it's true and holds up; I am really, really tired of spam backscatter.