How many places actually send us email?
A few weeks ago I discovered that only 220 different IP addresses sent us actual email over the course of a week. This naturally raises the question: was this just a slow week, or is this typical? The answer turns out to be 'maybe'.
On the system I usually run my stats on, I only have logs going back about 28 days; looking at the entire time period, there was email from 443 different IP addresses. Not surprisingly, the distribution of how much email comes from where is very uneven, with almost all of the email we get coming from a few mailing list hosts and the campus-wide email system.
On another system I have logs going back almost a year. Over that time, we got email from only 1,427 different IP addresses (only 95,000 email messages, though). On this system, the big source of email turns out to be Yahoo's webmail, and again things have a very sharp dropoff.
While this has practical uses for our specific situation, the more I think about it the less I think it really generalizes very well. Most of the people here use the central campus-wide email system and at most have their email forwarded from there to our systems; only a relatively few are still using our systems as their primary email system.
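The two measurements discussed above, the number of distinct sending IPs and how sharply volume drops off after the top few, can be computed as in the following added example. It is not the author's script: the log line layout, the addresses (documentation ranges) and the function names are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed log layout (hypothetical, adapt the regex to your MTA's real format):
#   <date> ACCEPT from=<ip> to=<rcpt>     one line per accepted message
#   <date> REJECT from=<ip> reason=<why>  rejected at connect time
ACCEPT_RE = re.compile(r"\bACCEPT from=(\d{1,3}(?:\.\d{1,3}){3})\b")

def build_sample_log():
    """Constructed sample: three heavy senders plus a tail of one-off hosts."""
    volumes = [("192.0.2.10", 60), ("198.51.100.7", 25), ("203.0.113.5", 8)]
    volumes += [(f"203.0.113.{i}", 1) for i in range(100, 107)]
    lines = [f"2005-07-10 ACCEPT from={ip} to=<user@example.org>"
             for ip, n in volumes for _ in range(n)]
    # Rejected connections never delivered mail, so they must not be counted.
    lines += ["2005-07-10 REJECT from=192.0.2.99 reason=bl-cbl"] * 5
    return lines

def count_senders(lines):
    """Map source IP -> number of accepted messages."""
    counts = Counter()
    for line in lines:
        m = ACCEPT_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def sources_for_share(counts, share):
    """Smallest number of top senders that together reach `share` of all mail."""
    total = sum(counts.values())
    if total == 0:
        return 0
    running = 0
    for n, (_, c) in enumerate(counts.most_common(), start=1):
        running += c
        if running >= share * total:
            return n
    return len(counts)

def summarize(lines, share=0.9):
    counts = count_senders(lines)
    return {
        "messages": sum(counts.values()),
        "distinct_ips": len(counts),
        "ips_for_share": sources_for_share(counts, share),
        "top": counts.most_common(3),
    }

if __name__ == "__main__":
    print(summarize(build_sample_log()))
```

Comparing `ips_for_share` against `distinct_ips` over different log windows shows whether a short window is typical or just a slow week.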
The usual quick rejection stats for 2005-07-16
IP level rejections:
Host/Mask            Packets  Bytes
18.104.22.168        8932     429K
22.214.171.124/24    8005     418K
126.96.36.199/10     3540     177K
188.8.131.52         3430     165K
184.108.40.206/11    3107     155K
220.127.116.11/12    2773     136K
18.104.22.168        2608     139K
22.214.171.124       2422     116K
126.96.36.199        2340     112K
188.8.131.52         2303     138K
184.108.40.206       2291     110K
220.127.116.11       2253     115K
18.104.22.168/11     2228     109K
22.214.171.124       2177     111K
126.96.36.199/11     2048     99228
188.8.131.52         1790     85920
184.108.40.206/13    1758     85524
220.127.116.11       1696     86256
18.104.22.168        1525     73200
A number of the usual suspects are reappearing again, unfortunately, including the mysterious 22.214.171.124 that keeps hammering on us (a Google search suggests that it may be virus-infested).
33011 total
 2249 class bl-cbl
 1355 class bl-dsbl
 1034 class bl-ordb
  292 class bl-spews
  260 class bl-njabl
  176 class bl-sbl
  147 class bl-sdul
   28 class bl-opm
The DNS blocklists seem to have significantly shuffled themselves around; SPEWS is way down, list.dsbl.org and relays.ordb.org are way up. Looking at rejection sources for each, there seems to be no sign of anything in particular being wrong or badly listed, although there's a number of really persistent would-be sending machines.
Also, it may be that spammers are finally stopping forging our domain names on their spam, as the numbers of bounces to bogus users and bad HELOs that we got this week are well down from their levels last week. (And last week was a normal week for this sort of stuff.)
|Last week||This week|
That would be nice if it's true and holds up; I am really, really tired of spam backscatter.