Jump to content
Sign in to follow this  
Lking

Reporting Statistics

Recommended Posts

Over the last few days, my spam has moved up sharply from about 10-15 per day up to 90 (for today). Mostly drugz and watchz (gearing up for the Christmas rush). Now that NYSE seems to be in a less bearish phase, there's even a stock scammer sending his mail from his web server at cogentco (ought to be an easy catch, but they haven't done it yet). I'm also seeing a return of a lot of old-school obfuscation techniques such as encrypted message bodies.

So far, SpamCop has caught 100% of it for me to LART with extreme prejudice.

I've turned off my ISP's accept-and-discard filtering, so I don't think the rise is attributable to false negatives.

-- rick

Share this post


Link to post
Share on other sites
Over the last few days, my spam has moved up sharply from about 10-15 per day up to 90 (for today). Mostly drugz and watchz (gearing up for the Christmas rush). Now that NYSE seems to be in a less bearish phase, there's even a stock scammer sending his mail from his web server at cogentco (ought to be an easy catch, but they haven't done it yet). I'm also seeing a return of a lot of old-school obfuscation techniques such as encrypted message bodies....
Wow, that is some change. But good to hear SC mail is handling it without missing a beat. If some appreciable proportion of the users are seeing the same that is no mean feat. If spammers are sticking with their same old patterns, that has to help our cause. Noting my own spam has (relatively) gone berserk too - 3 in the last 24 hours and two of them are list/directory sales, pretty much indistinguishable from the spam I used to get "way back when".

IronPort's 24% increase (above) was followed immediately by a 21% decrease. Those are huge numbers - extrapolated to include the 14% or so non-spam that works out to around 50 billion messages a day fluctuation. I suppose the infrastructure could handle that, especially since it is coming off a short-term high some 100 billion higher again. That is a really wild ride - as said/inferred previously, it is not necessary to postulate any sort of organizing 'principle' behind it, the proportional change history in pretty much indistinguishable from random. But the amplitude is staggering and certainly, in 'signal:noise' terms, the whole mail system is lousy which is why the majority need 'filters' to function at all. If my internet connection was that bad I wouldn't have any spam at all - I wouldn't have a connection at all. Hmmm, connection, S/N just 10dB but with low attenuation it is consistently workable. Global mail 'S/N' -16dB, practically unusable in the raw state, period.

Share this post


Link to post
Share on other sites
Some pretty interesting statistics and background to spam operations are available at:

http://www.projecthoneypot.org/1_billionth...ssage_stats.php

Thanks for that Joe, interesting reading indeed. I note that, for whatever reason, PHP and IronPort are pretty much on the same page regarding total spam volume. Those are staggering numbers.

Hmmm ... I will take that link over to the newsgroups where there has been some discussion.

The following link is to a record of what activity was detected on my web site, including address harvesting and spamming: ...
Requires login.

Share this post


Link to post
Share on other sites

I like this quote from the honeypots page (http://www.projecthoneypot.org/1_billionth_spam_message_stats.php):

To give you a sense, we've seen the word "Viagra" spelled at least 956 different ways in order to try and trick spam filters (e.g., VIAGRA, V1AGRA, V1[at]GR[at] V!AGRA, VIA6RA, etc.).

Share this post


Link to post
Share on other sites
Requires login.

Sorry about that, I thought it was a publicly available URL. Unfortunately, due to the form layout, I can't scrape it and paste it here.

Joe

Share this post


Link to post
Share on other sites
Sorry about that, I thought it was a publicly available URL. Unfortunately, due to the form layout, I can't scrape it and paste it here.
Not to worry. They have a small bug on that log-in page. It says
Attention The IP Listings / stats page you're trying to access requires a login. If you have a honey pot account, you can login and will be taken to that page. Otherwise, click here to see the global harvester stats collected by Project Honey Pot.
... but clicking the link goes to http://www.projecthoneypot.org/ip_listings.php and the message"No input file specified." Clicking the back button returns to the log-in, but this time without the "Attention" message. Nevermind, close enough :)

Share this post


Link to post
Share on other sites
...It could (still) all be part of some majestic cycle, destined to reverse itself in good time. Periodicity in spam numbers has been seen before - but these reductions, apparently with no associated major incident, do seem a bit promising. As always, ICBW.
Sure enough, the trend for the IronPort numbers in the longer-term revert to non-significance and the beginnings of the familiar 'wave' pattern we see so often in spam stats is (maybe) peeking out at us:

http://img137.imageshack.us/img137/8845/ir...oct4jan2010.jpg

Suka dan duka - sadness because the billions of spam are unabated, gladness because ... well, the greater part of them are never read nor even seen by human eye - and I have some more dandelion wine handy.

Share this post


Link to post
Share on other sites
Over the last couple of weeks, it crept up to 24/day-ish, but I was still happy as my previous rate before the apparent drop-off was about 30/day. Today I got 35....

...and today, 60 but no corresponding increase on the spamcop stats. Maybe I am just unlucky....

Joe

Share this post


Link to post
Share on other sites
...and today, 60 but no corresponding increase on the spamcop stats. Maybe I am just unlucky....
As mentioned in http://forum.spamcop.net/forums/index.php?...ost&p=73805 - which included the presentation of http://img24.imageshack.us/img24/9859/ironportjan2010.jpg - the daily 'global' spam count appears to flop around with enormous fluctuations but with no effective net increase or decrease in the short-but-slightly-longer term. The spam count as seen by IronPort within that current period averaging well over 200 billion daily but the daily numbers varying as much as 61% from one day to the next within the 2½ months - but with those daily movements fairly-much cancelling each other out over time. If that is what is actually happening (or something even approaching it) then that volatility applying to those volumes can contain very large but quite random fluctuations in individual 'experience' - and certainly even very large movements and apparent trends either in accordance with or contrary to the 'global trend' - because there is no actual global trend at that timescale.

Which is to say, in response to your supposition of 'luck', yes, I think so (in a very long-winded way :) )

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×