Weekly spam summary on February 11th, 2006
Hotmail has been startlingly quiet this week. The numbers:
- One message accepted.
- 24 messages rejected because they came from non-Hotmail email addresses.
- 68 messages sent to our spamtraps.
- 23 messages refused because their sender addresses had already hit our spamtraps.
- 10 messages refused due to their origin IP address (two in the SBL, one in the CBL, and then the rest from an assortment of places we pretty much don't talk to any more).
The basic stats:
- got 14,062 messages from 224 different IP addresses.
- handled 27,174 sessions from 1,771 different IP addresses.
- received 161,000 connections from at least 53,153 different IP addresses.
- a highwater of 16 connections being checked at once.
The session and connection volume is up from last week. Connection volume fluctuates significantly during the week:
(Unfortunately, Thursday's numbers may be because of something I did that day. It seems I really should automate more things.)
Kernel level packet filtering top ten:
Host/Mask            Packets   Bytes
188.8.131.52/24         5455    276K
184.108.40.206/10       5218    272K
220.127.116.11/11       2820    142K
18.104.22.168           2692    133K
22.214.171.124          2561    120K
126.96.36.199/11        2396    121K
188.8.131.52/12         2133    109K
184.108.40.206/13       2000    100K
220.127.116.11          1948   91074
18.104.22.168           1906   89108
This week is even quieter than last week, plus has a lot more Chinese netblocks making the list (although tin.it earned top place). Of the rest:
- 22.214.171.124 and 126.96.36.199 reappear from last week.
- 188.8.131.52 kept trying to feed us an unresolvable
- 184.108.40.206 is a cox.net cablemodem customer with a 'dialup' reverse DNS.
Connection time rejection stats:
31235 total
15286 dynamic IP
10452 bad or no reverse DNS
 3413 class bl-cbl
  403 class bl-sbl
  335 class bl-dsbl
  331 class bl-spews
  114 class bl-sdul
   51 class bl-ordb
   37 class bl-njabl
   11 class bl-opm
This was a big week for hammering on the frontend; 22 IP addresses were refused 100 times or more, with the winner being 220.127.116.11 at 364 connections refused for having no reverse DNS. This week marks a record, with none of the top 30 refused IPs being in the CBL; three are in the SBL (18.104.22.168 and 22.214.171.124 in SBL37385, and 126.96.36.199 in SBL34872).
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
Oh look; massively up compared to the past couple of weeks. I guess spammers are forging us as the MAIL FROM again. 34 different IP addresses tried bad HELOs a hundred times or more; the really big ones are 188.8.131.52 (367 times), 184.108.40.206 (269 times), and 220.127.116.11 (237 times).