Weekly spam summary on February 25th, 2006
Here's how Hotmail stacks up this week:
- 4 messages accepted; unfortunately, one of them was definitely spam and at least two more probably were.
- 21 messages rejected because they came from non-Hotmail email addresses.
- 49 messages sent to our spamtraps.
- 4 messages refused because their sender addresses had already hit our spamtraps.
- 6 messages refused due to their origin IP address, all for being in the SBL; four from SBL17935, one from SBL27471, and one from SBL33955.
Pretty much everything is down compared to last week. Amazingly, Hotmail may actually be dealing with their whole spam problem.
Next, the basic stats:
- got 14,001 messages from 235 different IP addresses.
- handled 19,476 sessions from 968 different IP addresses.
- received 132,936 connections from at least 46,917 different IP addresses.
- a highwater of only 6 connections being checked at once.
In short, things are down from last week. The per-day stats are basically flat at ~18,000 connections a day, but jump to ~22,000 on Sunday and Friday.
Kernel level packet filtering top ten:
Host/Mask            Packets   Bytes
22.214.171.124          7213    433K
126.96.36.199/24        4791    242K
188.8.131.52            3743    225K
184.108.40.206/10       3206    166K
220.127.116.11          2994    170K
18.104.22.168           2181    105K
22.214.171.124          2174    100K
126.96.36.199/12        2015    103K
188.8.131.52/11         1916   98292
184.108.40.206          1654   84104
While the most active contestant is higher, overall I'd have to say that this is quieter than last week. All of the top individual IP addresses are new.
- 220.127.116.11 and 18.104.22.168 don't have IP to name information.
- 22.214.171.124 and 126.96.36.199 smelled like DSL or cablemodem dynamic IP addresses to us.
- 188.8.131.52 tripped our spamtraps and then kept trying to send us
tainted stuff, and is currently listed in bl.spamcop.net and in
spamzone for hitting their spamtraps.
- 184.108.40.206 is, whoops, a telus.com mail server that
HELO'd with a bogus name a lot. Apparently it's running Microsoft Exchange. We may have to exempt it from the bad
Connection time rejection stats:
28453 total
13771 dynamic IP
10160 bad or no reverse DNS
 3066 class bl-cbl
  325 class bl-ordb
  285 class bl-sbl
  222 class bl-spews
  120 class bl-sdul
  117 class bl-njabl
   86 class bl-dsbl
    4 class bl-opm
Bad reverse DNS is up this week compared to last week, but that's
about it. For individual IPs, things are even more evenly distributed
this week, with only one IP address being refused more than 100 times
(220.127.116.11, 177 times). Eight of the top 30 most refused IPs are
currently in the CBL and three are currently in
bl.spamcop.net; repeating last week, none are in the SBL.
And the final numbers:
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
These numbers aren't yet down to the old low numbers, but at least they're dropping from last
week's levels. There are no really 'outstanding' sources; only one IP
address tried a bad HELO more than a hundred times, for example.