Contributed by mbalmer on from the bob's-hammer-hammers-spammers dept.
Since somebody asked me (I often don't look because I seem
to think spam is lessening - really it's not.... :)
in the past *36 hours*...
smtp.srv.ualberta.ca (the mail host for @ualberta.ca) has recieved:
212598 real smtp connections to it (roughly real pieces of email)
coming from 29217 distinct hosts - these would be from hosts
in our whitelist - currently 138793 hosts, which are the hosts we
have exchanged mail with legitimately (inbound or outbound) in the
last 30 days.
During that time, there have been:
696269 connections to the spamd greylister in front of it (roughly
speaking, all of that is junk) coming from 177359 distinct hosts.
during this time, of all those connections and all those hosts, 3229
hosts retried according to spec and were whitelisted and allowed
through (all the rest never tried again :) in other words for all
those connections there were 3229 hosts added to the 30 day whitelist
So, currently, our volume of what is assuredly junk to that of what
might be real mail is roughly a little less than 7 junk to 2 good :)
and of the hosts hitting the greylister it's roughly a 54 to one ratio
of junk (i.e. a virus infected machine) to *possibly* good. - needless
to say this makes a significant impact on the capacity of the mail system :)
Now some details:
Of those 696269 connections:
270119 of them disconnected in under 10 seconds, which means they
never attempted to deliver mail to us - because they were spam software that
thought we were tarpitting them. - we talk slowly to hosts on the greylist for
the first 10 seconds of a connection, because real software doesn't care, spam
generating robots do, and attempt to time out quickly, so we use this
against them, to make them go bother someone else.
174219 of them were from (20305 distinct) hosts that connected after
hitting a spamtrap address and having future mail from the site
delayed for 24 hours. This is due to them mailing nonexistant or 10 year
old addresses from a site that has never exchanged mail with us before
(this is referred to as a "greytrap")
The 3229 hosts whitelisted above above would have come from the
remaining 696269 - 270119 - 174219 = 251931 connections which actually
had a chance to get through.
Anyway, thought some of you might enjoy those stats.
(Comments are closed)