I have two independent mailservers, and two other customers that run their own servers, all largely unrelated infrastructures and target domains, suddenly experiencing low levels of spam. Total emails/day dropping from some 175,000-250,000ish to 50-75,000ish (legit mail in the 2-5,000 per day, yes I have some high spam:legit customers...). 3 days in a row now at least, at quick glance. Did someone set up them the bomb? /kc -- Ken Chase - ken@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
---------- Original Message ----------- From: Ken Chase <ken@sizone.org> To: nanog@nanog.org Sent: Mon, 3 Jan 2011 13:04:55 -0500 Subject: sudden low spam levels?
I have two independent mailservers, and two other customers that run their own servers, all largely unrelated infrastructures and target domains, suddenly experiencing low levels of spam.
Total emails/day dropping from some 175,000-250,000ish to 50-75,000ish (legit mail in the 2-5,000 per day, yes I have some high spam:legit customers...). 3 days in a row now at least, at quick glance.
Did someone set up them the bomb?
We filter spam for over 2000 domains and I don't see any noticeable drop in payload. I have noticed that over the past few months greylisting has become MUCH more effective than it used to be... looks like spam delivery is moving more from snowshoe infrastructure towards botnets. -- Randy M. www.FastServ.com
On Mon, Jan 3, 2011 at 10:04 AM, Ken Chase <ken@sizone.org> wrote:
I have two independent mailservers, and two other customers that run their own servers, all largely unrelated infrastructures and target domains, suddenly experiencing low levels of spam.
There's definitely been a drop-off in spam levels over the past week, which comes on top of a general drop over the past few months. Although far from a great indicator of global levels, the following two graphs give a good idea on what's happening on a relative basis: Past Month - http://www.spamcop.net/spamgraph.shtml?spammonth Past Year - http://www.spamcop.net/spamgraph.shtml?spamyear The numbers for December are especially unusual, as with Christmas coming it's normally one of the higher months for spam. The drop-off since September is mainly due to the closure of spamit.com (Pharma spam referral company), although I haven't seen any reports of what's caused the drop-off in the past week or so. Scott.
On Jan 3, 2011, at 2:04 PM, Scott Howard wrote:
On Mon, Jan 3, 2011 at 10:04 AM, Ken Chase <ken@sizone.org> wrote:
I have two independent mailservers, and two other customers that run their own servers, all largely unrelated infrastructures and target domains, suddenly experiencing low levels of spam.
There's definitely been a drop-off in spam levels over the past week, which comes on top of a general drop over the past few months.
According to the Symantec "December 2010 State of Spam & Phishing Report", spam is reducing http://www.spamfighter.com/News-15570-Spam-Volume-Continues-to-Decrease-Syma... I have seen various reports relating this to the taking down of this or that botnet (see, e.g., http://www.eweek.com/c/a/Security/Botnet-Holiday-Spam-Levels-Drop-for-Christ... ) but I would take that with a big grain of salt. Regards Marshall
Although far from a great indicator of global levels, the following two graphs give a good idea on what's happening on a relative basis : Past Month - http://www.spamcop.net/spamgraph.shtml?spammonth Past Year - http://www.spamcop.net/spamgraph.shtml?spamyear
The numbers for December are especially unusual, as with Christmas coming it's normally one of the higher months for spam.
The drop-off since September is mainly due to the closure of spamit.com (Pharma spam referral company), although I haven't seen any reports of what's caused the drop-off in the past week or so.
Scott.
Ken Chase wrote:
I have two independent mailservers, and two other customers that run their own servers, all largely unrelated infrastructures and target domains, suddenly experiencing low levels of spam.
Total emails/day dropping from some 175,000-250,000ish to 50-75,000ish (legit mail in the 2-5,000 per day, yes I have some high spam:legit customers...). 3 days in a row now at least, at quick glance.
Did someone set up them the bomb?
Something killed off RuStock at Xmas. Matt.
On 04/01/11 04:04, Ken Chase wrote:
I have two independent mailservers, and two other customers that run their own servers, all largely unrelated infrastructures and target domains, suddenly experiencing low levels of spam.
Connection and rejection counts have been going bonkers of late for me. I run filters for a number of small businesses so I don't see huge amounts of traffic, but it's usually fairly regular in volume of mail and rejected attempts. Leading up to the 21st of December, it was fairly level but low at 60-90% normal volume of rejections per day, then the 22nd went to 200% followed by a low of 30-50% normal for 23-29th. On the 30th through the 1st of Jan, the Storm? bot went nuts and rejections went to at least 500% normal (entirely on cheap checks - HELO, rDNS). After that, I had to go double check the mail servers were actually running all the time as rejection counts hit 2-10% normal. I haven't seen an obvious Storm bot type connection since. Did someone kill the botnet? Or have the virus writers finally decided to change tack? Or have they hunted out all the servers that reject every single attempt and no longer send to them? The only thing I can be certain of, is that they'll be back and my spam levels will be back to normal sometime soon.
I noticed a substantial drop in spam in my gmail account in recent days, from several hundred a day to maybe a hundred. Ironically, gmail filtered this thread to my spam folder. Cheers, Jayfar
On 1/3/11 6:42 PM, Jay Farrell wrote:
I noticed a substantial drop in spam in my gmail account in recent days, from several hundred a day to maybe a hundred. Ironically, gmail filtered this thread to my spam folder.
Yes, I found these messages in my gmail spam today, too. Lately, gmail has been regularly flagging NANOG as spam, particularly the end of week CIDR and BGP reports.
On 1/4/11 7:10 AM, William Allen Simpson wrote:
On 1/3/11 6:42 PM, Jay Farrell wrote:
I noticed a substantial drop in spam in my gmail account in recent days, from several hundred a day to maybe a hundred. Ironically, gmail filtered this thread to my spam folder.
Yes, I found these messages in my gmail spam today, too. Lately, gmail has been regularly flagging NANOG as spam, particularly the end of week CIDR and BGP reports.
Not being a gmail user this may be a stupid question: can't you whitelist things in gmail? The ratio of spam/ham on NANOG is pretty good. ~Seth
On Tue, Jan 4, 2011 at 18:10, Seth Mattinen <sethm@rollernet.us> wrote:
Not being a gmail user this may be a stupid question: can't you whitelist things in gmail? The ratio of spam/ham on NANOG is pretty good.
Yes, you can, done it a while ago as some messages were going to spam for me also, even a few from this thread would go to spam if not for filtering.
On Tue, Jan 4, 2011 at 11:21 AM, Danijel <theghost101@gmail.com> wrote:
On Tue, Jan 4, 2011 at 18:10, Seth Mattinen <sethm@rollernet.us> wrote:
Not being a gmail user this may be a stupid question: can't you whitelist things in gmail? The ratio of spam/ham on NANOG is pretty good.
Yes, you can, done it a while ago as some messages were going to spam for me also, even a few from this thread would go to spam if not for filtering.
And when it does that, at the top of the message it says "Due to a filter you created, this message was not sent to Spam. Edit Filters"
On Jan 3, 2011, at 1:04:55 PM, Ken Chase wrote:
I have two independent mailservers, and two other customers that run their own servers, all largely unrelated infrastructures and target domains, suddenly experiencing low levels of spam.
Total emails/day dropping from some 175,000-250,000ish to 50-75,000ish (legit mail in the 2-5,000 per day, yes I have some high spam:legit customers...). 3 days in a row now at least, at quick glance.
Did someone set up them the bomb?
See http://krebsonsecurity.com/2011/01/taking-stock-of-rustock/ for a discussion of recent spam level trends. --Steve Bellovin, http://www.cs.columbia.edu/~smb
participants (12)
- Danijel
- Jay Farrell
- Ken Chase
- Marshall Eubanks
- Matt Sergeant
- Philip Dorr
- Randy McAnally
- Scott Howard
- Seth Mattinen
- Steven Bellovin
- Ted Cooper
- William Allen Simpson