Abrupt spam increase
Don Levey
lug at the-leveys.us
Fri Jun 4 10:38:00 EDT 2004
wrote:
> I've noticed over the past 6 weeks a sudden, abrupt increase in the
> flow of spam on my home server. It's gone from about 250/day to
> 440/day; last month's average daily flow was about 360.
>
> Thus far I've been simply directing it to a quarantine folder, and
> keeping general tabs on the volume.
>
> But as volume grows, at some point I'll want to do something
> different. I have a couple of questions:
>
> (1) Have any of y'all tried to keep stats on the flow of spam? Are my
> observations about message flow on-target?
> (2) Beyond SpamAssassin, have you tried out any tools which reject
> spam before it reaches your mailbox? I know that I could configure
> sendmail to reject mail from sites listed in certain blacklist
> databases, but before I take that step I want to make sure to use the
> right blacklists and I also want to keep better statistics on a
> per-recipient basis (example, I get mail to "daemon" and "amanda", in
> addition to "richb", at my domain). (3) Are there any spam-folder
> statistical analysis tools that are useful?
>
I've noticed a marked increase in spam attempts since the first of the year,
including spam from otherwise "legitimate" businesses who are now licensed
to spam based upon the US (I) CAN SPAM act.
I use a series of blacklists, including blocking off entire countries
(Korea, China, Poland, etc). Then again, I've not had any legitimate
messages from those areas, and don't yet expect any in the future. Some of
my lists include dynamic IPs on cable and DSL providers, though these lists
are not complete. After fine-tuning (and whitelisting certain addresses),
if I get one spam message come through in two weeks that's a lot. I haven't
blocked one legitimate message in probably close to a year, as far as I can
tell.
Unfortunately, I don't keep statistics, other than for optonline.net (who
has one particular user who tries hundreds of times a day to hit my
mailserver). They're blocked at the firewall for that block of dynamic
addresses.
-Don
More information about the Discuss
mailing list