Weekly spam summary on August 5th, 2006
This week, we:
- got 12,245 messages from 230 different IP addresses.
- handled 16,343 sessions from 801 different IP addresses.
- received 141,499 connections from at least 42,169 different IP addresses.
- hit a highwater of 7 connections being checked at once.
This is down slightly from last week. We will probably see variations in accepted messages all August, since this is both doldrums and panic time at universities. The per day figures:
Day | Connections | different IPs |
Sunday | 18,437 | +6,800 |
Monday | 23,100 | +7,321 |
Tuesday | 20,005 | +6,048 |
Wednesday | 19,753 | +5,055 |
Thursday | 21,940 | +6,772 |
Friday | 24,820 | +6,628 |
Saturday | 13,444 | +3,545 |
Kernel level packet filtering top ten:
Host/Mask | Packets | Bytes |
203.62.232.83 | 14645 | 745K |
213.4.149.12 | 6550 | 341K |
210.245.60.162 | 5705 | 254K |
62.212.90.203 | 3219 | 159K |
220.160.0.0/11 | 2743 | 138K |
212.216.176.0/24 | 2542 | 128K |
61.128.0.0/10 | 2375 | 119K |
213.129.201.64 | 2208 | 106K |
218.0.0.0/11 | 2199 | 110K |
80.128.0.0/12 | 2148 | 108K |
The top is up a lot but the rest is down a bit from last week.
- 203.62.232.83 and 210.245.60.162 are APNIC IP addresses with no reverse DNS; the former in Australia, the latter in Vietnam (and on bl.spamcop.net).
- 213.4.149.12 (bad HELO), 62.212.90.203 (bad reverse DNS), and 213.129.201.64 (bad HELO) return from last week.
Connection time rejection stats:
34294 total
17031 dynamic IP
13730 bad or no reverse DNS
2243 class bl-cbl
251 class bl-njabl
190 class bl-sdul
105 class bl-sbl
102 class bl-ordb
97 class bl-spews
61 class bl-dsbl
Out of the 30 most rejected IP addresses, 3 were rejected more than 100 times: 66.168.202.47 (763 times, charter.com cablemodem, on the CBL et al), 210.245.60.162 (195 times), and 221.127.187.13 (129 times, Hong Kong with no reverse DNS, on the CBL et al). 16 of the top 30 are currently in the CBL, and 8 are currently in bl.spamcop.net.
Hotmail has slightly improved from last week:
- no messages accepted.
- 6 messages rejected because they came from non-Hotmail email addresses.
- 11 messages sent to our spamtraps.
- 2 messages refused because their sender addresses had already hit our spamtraps.
- no messages refused due to their origin IP address.
As with last week, all of the 'non-Hotmail email addresses' are other Hotmail properties. While less suggestive than last week's, none of the usernames fill me with great joy and confidence that they are real people (or at least real people located somewhere besides a Nigerian cybercafe).
And the final numbers:
what | # this week | (distinct IPs) | # last week | (distinct IPs) |
Bad HELOs | 474 | 42 | 528 | 44 |
Bad bounces | 28 | 25 | 38 | 26 |
This week, there are no really outstanding sources of bad HELO names (and, since I have looked, no really hysterically absurd ones either).
Bad bounce destinations are much like last week, and just like last week the spammer using the 38-character hex strings seems to have stayed gone. I have to confess I sort of miss them; they injected a certain dose of surreality into the proceedings.