Weekly spam summary on January 21st, 2005
I'm going to lead with the Hotmail spam numbers, because they continue to be catastrophic.
- two emails accepted, both from spamlike Hotmail usernames.
- 376 messages rejected because they came from non-Hotmail email addresses.
- 134 messages sent to our spamtraps.
- 17 messages refused because their sender addresses had already hit our spamtraps.
- 5 messages refused due to their origin IP address (four for being in the SBL and one for being sent from SAIX, which has an advance fee fraud spam problem).
Happily, the rest of the weekly numbers are much better.
This week we received 13,873 email messages from 213 different IP addresses. Our SMTP server handled 17,484 sessions from 933 different IP addresses. This is about the same volume as last week.
Connection volume is up a bit from last week: 143,447 connections from at least 50,890 different IP addresses. The simultaneous connections highwater was only 27, so burst volume is down from last week. Per day figures:
Overall this seems to have been a more even week than last week.
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 188.8.131.52/12 5060 248K 184.108.40.206 5013 301K 220.127.116.11 4866 292K 18.104.22.168/24 4527 218K 22.214.171.124/10 3970 201K 126.96.36.199 3389 194K 188.8.131.52 3280 141K 184.108.40.206 3263 157K 220.127.116.11 2660 160K 18.104.22.168/13 2576 126K
This is a slow week for the kernel top ten, slow enough that quite a lot of large blocks make the list.
- 22.214.171.124 and 126.96.36.199 both return from last week.
- 188.8.131.52 is a centrum.cz machine; we haven't talked to them for ages. Another one in the same subnet made the list last week.
- 184.108.40.206 is a telefonica.net machine we have had blocked for
ages as a source of bad
- 220.127.116.11 is an Adelphia IP address that looks dynamic to us, and is widely listed on any number of DNS blocklists.
Connection time rejection stats:
30429 total 16005 dynamic IP 9483 bad or no reverse DNS 2779 class bl-cbl 564 class bl-ordb 436 class bl-sbl 192 class bl-dsbl 181 class bl-spews 152 class bl-sdul 94 class bl-njabl 15 class bl-opm
No surprises and no particularly big single sources, although 18.104.22.168 tried hard (271 connections, blocked for being in APNIC without good reverse DNS). Only 8 of the top 30 IP sources were in the CBL this time around; three were on the SBL and 12 are currently listed in bl.spamcop.net.
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
These numbers have cratered since last week; they may be our lowest
ever. A quarter of the bad
HELO names came from a single IP address,