Spam statistics.

Discussion in 'Broadband' started by The Natural Philosopher, Aug 19, 2014.

  1. A few weeks ago I started to get flooded with spam, and a real effort to
    clean up my mail has been undertaken.

    I thought the following stats might be of interest

    vps:~# grep Unrouteable /var/log/exim4/rejectlog.1 | wc -l
    98
    vps:~# grep blacklisted /var/log/exim4/rejectlog.1 | wc -l
    13
    vps:~# grep "relay not permitted" /var/log/exim4/rejectlog.1 | wc -l
    43
    vps:~# grep "spamhaus" /var/log/exim4/rejectlog.1 | wc -l
    138
    vps:~# cat /var/log/exim4/rejectlog.1 | wc -l
    292

    These are from the rejected mail logs of my mail server - I don't use an
    ISPs mail service. For a single day. Only two of us have mail accounts
    in this machine..

    So in a day, we were targeted 292 emails that we really didn't want.
    138 were rejected as coming from 'home Pcs' - i.e. addresses in dynamic
    pools known to spamhaus that have no business sending email directly.
    98 were to people who dont exist in domains that do. Interestingly the
    mail setup checks this first, and usually these are in fact from random
    PCS and botnets that get rejected if they hit lucky with a username that
    does exist, by the first filter.

    43 attempts were made to use me to send other peoples mail entirely

    and my newest filter, a self maintained blacklist containing nearly 200
    domains that are used as sender domains to send pure marketing spam
    netted 13 attempts.

    4 spams got through and were detected by thunderbird. I will blacklist
    them for next time.

    In the same day we might expect 10-15 actual real emails.

    The ratio of spam to real is about 20:1

    I mention this because what prompted the construction of a new filter
    was as far as I can make out the 'deregulation' of namespaces in the
    domain service. Notably .me and .us have been purchased by a marketing
    company that registers about 20 new domains a day - perfectly valid
    domains - and sends out spam from perfectly valid servers.

    It doesn't help that my oldest email address has been on the internet
    for at least 20 years now...it seems to appear twice in a list that
    several companies have obtained.

    my wife's name only appears in 19 of the rejects...
     
    The Natural Philosopher, Aug 19, 2014
    #1
    1. Advertisements

  2. The Natural Philosopher

    Brian Gaff Guest

    How do you explain, for example that I have several virginmedia/blueyonder
    email addresses, all tend to get spam, but one of the never seems to.
    Even though its out there on web sites.
    Either virgin have that running just so, or more likely its for some
    reasin not being picked up.
    its eyecont at blueyonder.co.uk.
    I have munged that of course.

    I do sometimes have emails vanish and I usually put this down to one of the
    servers that virgin uses being blacklisted due to a less than careful user.
    Brian
     
    Brian Gaff, Aug 19, 2014
    #2
    1. Advertisements

  3. The Natural Philosopher

    Jb Guest

    Does this only affect servers or do domestic desktops do the same thing
    without us being aware of it?
    Jb
     
    Jb, Aug 19, 2014
    #3
  4. I had to move my email hosting elsewhere because of this sort of thing.

    Emails sent from .us/.me/.mobi tld's from seemingly legitimate mail
    servers, often with valid SPF/DKIM records, which makes it fairly
    difficult for your average spam filter to detect.

    Barracuda, ivmSIP and Mailspike RBLs (I can't use Spamhaus for reasons
    I'll not go into) catch a lot of it.

    The rest I've gradually reduced over time by aggressively rejecting mail
    from the /24's it's originating from.
     
    Plusnet Support Team, Aug 19, 2014
    #4
  5. ISPs are fairly good at maintaining spam filters themselves
     
    The Natural Philosopher, Aug 19, 2014
    #5
  6. I don't do anything fancy. But a couple of weeks back I had a burst of
    "undeliverables" where a couple of hundred emails had been sent with my
    address as "from". I wonder how many were actually sent, and thrown
    straight in the bin?

    Andy
     
    Vir Campestris, Aug 19, 2014
    #6
  7. The Natural Philosopher

    Woody Guest

    message

    Are you using a good Internet security package such a
    Kaspersky, Bitdefender, or McAfee? If so you should not get
    spammed like that.
     
    Woody, Aug 19, 2014
    #7
  8. The Natural Philosopher

    Huge Guest

    My current place of employ drops some 15,000,000 spam emails a day.
     
    Huge, Aug 20, 2014
    #8
  9. Get real. Its the people with windows PCS that have my address in their
    email contacts that need to actually get the virus scanners.

    Not me.

    I simply have to deal with the results.
    And once an address is harvested, these marketing people exchange valid
    lists of emails with each other.
     
    The Natural Philosopher, Aug 20, 2014
    #9
  10. A few of them will be Linux boxes, or Apple. Or maybe even 'phones these
    days.

    But otherwise - I agree completely.

    Andy
     
    Vir Campestris, Aug 21, 2014
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.