Weekly spam summary on October 14, 2006
This week, we:
- got 13,890 messages from 262 different IP addresses.
- handled 18,923 sessions from 1,185 different IP addresses.
- received 187,506 connections from at least 50,091 different IP addresses.
- hit a highwater of 22 connections being checked at once.
Connection volume is up again from last week, but everything else is down. Things fluctuated over the week:
Kernel level packet filtering top ten:
Host/Mask Packets Bytes 126.96.36.199 62524 3251K 188.8.131.52/24 6103 275K 184.108.40.206/12 4367 213K 220.127.116.11/10 4270 230K 18.104.22.168 3993 187K 22.214.171.124 3562 178K 126.96.36.199 2965 130K 188.8.131.52/24 2841 144K 184.108.40.206/11 2813 139K 220.127.116.11 2478 149K
The overall numbers are down from last week, especially for single IP addresses.
- 18.104.22.168 returns from last week.
- 22.214.171.124 returns from August, still a covad.net 'dialup'.
- 126.96.36.199 is on the NJABL.
- 188.8.131.52 is a mundo-r.com outgoing SMTP gateway; they tried to send us a bunch of advance fee fraud spam this week.
- 184.108.40.206 tried to send us a bunch of phish spam that had already hit our spamtraps.
Connection time rejection stats:
42288 total 19382 dynamic IP 19198 bad or no reverse DNS 2078 class bl-cbl 396 class bl-dsbl 255 class bl-sdul 135 class bl-njabl 117 class bl-spews 110 cuttingedgemedia.com 37 class bl-sbl 19 class bl-ordb
Three out of the top 30 most rejected IP addresses were rejected 100
times or more, with the leader being 220.127.116.11 (136 times).
23 of the top 30 are currently in the CBL, 10 are currently in
bl.spamcop.net, and one, 18.104.22.168, is part of SBL45150, the Cutting Edge
Media SBL listing.
So much for them going away, evidently.
This week, Hotmail gave to us:
- no messages accepted.
- no messages rejected because they came from non-Hotmail email addresses.
- 27 messages sent to our spamtraps.
- 7 messages refused because their sender addresses had already hit our spamtraps.
- no messages refused due to their origin IP address
And the final numbers:
|what||# this week||(distinct IPs)||# last week||(distinct IPs)|
The champion source of bad
HELO names is 22.214.171.124 (126
times), followed by 126.96.36.199 (75 times). Many of the bad
bounces continue to come from Eastern Europe, and the pattern
of bad usernames being mostly Slavic female names continues.
We did have one bounce to
3E4B, from the same IP address as
last week's (188.8.131.52).