Weekly spam summary on November 12th, 2005

November 13, 2005

This week I'm leading with Hotmail's numbers, because they continue to be a depressing testament to Hotmail's spam problem. This week's Hotmail statistics are:

  • one email accepted, probably advance fee fraud spam from the Hotmail user name.
  • 14 Hotmail messages refused due to their originating IP addresses (4 in the SBL, 4 in the XBL, three from Nigeria, two from SAIX, and one from the Cote d'Ivoire).
  • 31 Hotmail messages refused because their sender addresses had already hit our spamtraps.
  • 251 messages from Hotmail refused because they came from non-Hotmail email addresses.

At this point it's hard to see a point to continuing to accept Hotmail's email. And it's not like Hotmail shows any signs of dealing with their problem; they've offloaded it onto the rest of us.

On to other stats. This week we received 13,175 email messages from 230 different IP addresses. Our SMTP server handled 22,087 sessions from 1,695 different IP addresses. Both of these numbers are about the same as last week.

Our connection volume is up from the depths of last week: 179,300 connections from at least 30,000 different IP addresses.

Day         Connections   different IPs
Sunday           10,000           4,230
Monday           12,400          +4,840
Tuesday          67,750          +4,410
Wednesday        38,000          +4,220
Thursday         14,960          +4,370
Friday           23,000          +4,450
Saturday         13,100          +3,550

Tuesday is responsible for more than a third of the connections all on its own, with a spillover into Wednesday and a bit of a spike on Wednesday. Otherwise things are pretty close to last week's daily rates.

Kernel level packet filtering top ten:

Host/Mask           Packets   Bytes
64.52.16.234          11730    548K
66.154.124.0/28       10428    584K
69.105.51.114          7892    369K
212.216.176.0/24       7723    386K
61.128.0.0/10          7210    351K
80.33.77.149           6128    309K
130.69.197.3           4675    281K
203.167.99.194         4410    212K
219.71.176.89          3577    172K
66.179.44.52           3286    158K

This is a skewed distribution, but not as skewed as last week.

  • 64.52.16.234, 69.105.51.114, and 66.179.44.52 continue to send us bad HELO names.
  • 203.167.99.194 is an etpi.com.ph machine with no reverse DNS.
  • 219.71.176.89 is a giga.net.tw cablemodem.
  • 80.33.77.149 and 130.69.197.3 both tripped our spamtraps and then persistently kept trying to mail us.

Connection time rejection stats:

  16386 total
   8270 dynamic IP
   4714 bad or no reverse DNS
   1407 class bl-cbl
    662 class bl-ordb
    504 class bl-sbl
    224 class bl-spews
     90 class bl-dsbl
     71 class bl-sdul
     54 class bl-njabl
      2 class bl-opm

The dynamic IP category jumped in significant part due to just one machine, 83.196.157.151 (a wanadoo.fr dialup), trying 1,796 times to connect before it got blocked harder. (And this happened on Tuesday.)

Other stats:

what          # this week   (distinct IPs)   # last week   (distinct IPs)
Bad HELOs            3613              165          1645              155
Bad bounces           774              570          1096              424

I'm not going to try to read meaning into the changed bounce count. There were definitely some quite persistent sources of bad HELO names this week.

Written on 13 November 2005.

Last modified: Sun Nov 13 00:52:53 2005