Weekly spam summary on February 11th, 2006
Hotmail has been startlingly quiet this week. The numbers:
- One message accepted.
- 24 messages rejected because they came from non-Hotmail email addresses.
- 68 messages sent to our spamtraps.
- 23 messages refused because their sender addresses had already hit our spamtraps.
- 10 messages refused due to their origin IP address (two in the SBL, one in the CBL, and then the rest from an assortment of places we pretty much don't talk to any more).
The basic stats:
- got 14,062 messages from 224 different IP addresses.
- handled 27,174 sessions from 1,771 different IP addresses.
- received 161,000 connections from at least 53,153 different IP addresses.
- a highwater of 16 connections being checked at once.
The session and connection volume is up from last week. Connection volume fluctuates significantly during the week:
(Unfortunately, Thursday's numbers may be because of something I did that day. It seems I really should automate more things.)
Kernel level packet filtering top ten:
Host/Mask            Packets   Bytes
18.104.22.168/24        5455    276K
22.214.171.124/10       5218    272K
126.96.36.199/11        2820    142K
188.8.131.52            2692    133K
184.108.40.206          2561    120K
220.127.116.11/11       2396    121K
18.104.22.168/12        2133    109K
22.214.171.124/13       2000    100K
126.96.36.199           1948   91074
188.8.131.52            1906   89108
This week is even quieter than last week, plus has a lot more Chinese netblocks making the list (although tin.it earned top place). Of the rest:
- 184.108.40.206 and 220.127.116.11 reappear from last week.
- 18.104.22.168 kept trying to feed us an unresolvable
- 22.214.171.124 is a cox.net cablemodem customer with a 'dialup' reverse DNS.
Connection time rejection stats:
31235 total
15286 dynamic IP
10452 bad or no reverse DNS
 3413 class bl-cbl
  403 class bl-sbl
  335 class bl-dsbl
  331 class bl-spews
  114 class bl-sdul
   51 class bl-ordb
   37 class bl-njabl
   11 class bl-opm
This was a big week for hammering on the frontend; 22 IP addresses were refused 100 times or more, with the winner being 126.96.36.199 at 364 connections refused for having no reverse DNS. This week marks a record, with none of the top 30 refused IPs being in the CBL; three are in the SBL (188.8.131.52 and 184.108.40.206 in SBL37385, and 220.127.116.11 in SBL34872).
| what | # this week | (distinct IPs) | # last week | (distinct IPs) |
Oh look; massively up compared to the past couple of weeks. I guess spammers are forging us as the MAIL FROM again. 34 different IP addresses tried bad HELOs a hundred times or more; the really big ones are 18.104.22.168 (367 times), 22.214.171.124 (269 times), and 126.96.36.199 (237 times).