Weekly spam summary on February 11th, 2006
Hotmail has been startlingly quiet this week. The numbers:
- One message accepted.
- 24 messages rejected because they came from non-Hotmail email addresses.
- 68 messages sent to our spamtraps.
- 23 messages refused because their sender addresses had already hit our spamtraps.
- 10 messages refused due to their origin IP address (two in the SBL, one in the CBL, and then the rest from an assortment of places we pretty much don't talk to any more).
The basic stats:
- got 14,062 messages from 224 different IP addresses.
- handled 27,174 sessions from 1,771 different IP addresses.
- received 161,000 connections from at least 53,153 different IP addresses.
- a highwater of 16 connections being checked at once.
The session and connection volume is up from last week. Connection volume fluctuates significantly during the week:
(Unfortunately, Thursday's numbers may be because of something I did that day. It seems I really should automate more things.)
Kernel level packet filtering top ten:

    Host/Mask            Packets   Bytes
    184.108.40.206/24       5455    276K
    220.127.116.11/10       5218    272K
    18.104.22.168/11        2820    142K
    22.214.171.124          2692    133K
    126.96.36.199           2561    120K
    188.8.131.52/11         2396    121K
    184.108.40.206/12       2133    109K
    220.127.116.11/13       2000    100K
    18.104.22.168           1948   91074
    22.214.171.124          1906   89108

This week is even quieter than last week, plus has a lot more Chinese netblocks making the list (although tin.it earned top place). Of the rest:
- 126.96.36.199 and 188.8.131.52 reappear from last week.
- 184.108.40.206 kept trying to feed us an unresolvable
- 220.127.116.11 is a cox.net cablemodem customer with a 'dialup' reverse DNS.
Connection time rejection stats:

    31235 total
    15286 dynamic IP
    10452 bad or no reverse DNS
     3413 class bl-cbl
      403 class bl-sbl
      335 class bl-dsbl
      331 class bl-spews
      114 class bl-sdul
       51 class bl-ordb
       37 class bl-njabl
       11 class bl-opm

This was a big week for hammering on the frontend; 22 IP addresses were refused 100 times or more, with the winner being 18.104.22.168 at 364 connections refused for having no reverse DNS. This week marks a record, with none of the top 30 refused IPs being in the CBL; three are in the SBL (22.214.171.124 and 126.96.36.199 in SBL37385, and 188.8.131.52 in SBL34872).
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
Oh look; massively up compared to the past couple of weeks. I guess spammers are forging us as the MAIL FROM again. 34 different IP addresses tried bad HELOs a hundred times or more; the really big ones are 184.108.40.206 (367 times), 220.127.116.11 (269 times), and 18.104.22.168 (237 times).