http://www.uhoreg.ca/ The insane ramblings of Hubert Chathi en-ca Copyright Hubert Chathi hubert@uhoreg.ca hubert@uhoreg.ca http://www.rssboard.org/rss-specification http://www.uhoreg.ca/hubertprop.jpg http://www.uhoreg.ca/ 90 150 http://www.uhoreg.ca/microblog/20100127-1127 Wed, 27 Jan 2010 11:27:00 -0500 http://www.uhoreg.ca/microblog/20100127-1127 <div class="blogtopic"><a href="/index/work" rel="tag">work</a>, <a href="/index/spam" rel="tag">spam</a></div> <div class="blogtime">11:27 -0500</div> <div class="entry-content"> <span class="microblog_name">Hubert Chathi:</span> it looks like my work email account has made it onto the #<a href="/index/spam" rel="tag">spam</a> lists :(</div> http://www.uhoreg.ca/blog/20080513-2354 Tue, 13 May 2008 23:54:00 -0400 http://www.uhoreg.ca/blog/20080513-2354 <div class="blogtopic"><a href="/index/personal" rel="tag">personal</a>, <a href="/index/technical" rel="tag">technical</a>, <a href="/index/spam" rel="tag">spam</a>, <a href="/index/security" rel="tag">security</a></div> <div class="blogtime">23:54 -0400</div> <div class="entry-content"> <p>I blogged about a year an a half ago about <a href="/blog/20061206-1539">spam killing statistics</a> on my server. I thought I'd post an update since then. These are the spam rejections from the past 10 days.</p> <ul> <li>viruses rejected by <a href="http://www.clamav.net/">ClamAV</a>: 14 (all phishing attempts — no actual viruses)</li> <li>spam rejected by <a href="http://spamassassin.apache.org/">SpamAssassin</a>: 194 (this doesn't count spam eliminated by <a href="http://www.greylisting.org/">greylisting</a>, since there's no easy way for me to get those stats)</li> <li>rejected by the DNSBL at <a href="http://zen.spamhaus.org/">zen.spamhaus.org</a>: 4,603</li> <li>rejected by the DNSBLs at <a href="http://rfc-ignorant.org/">rfc-ignorant.org</a> (dsn and bogusmx): 16</li> <li>sent to a nonexisting user: 451</li> <li>relay attempts: 37</li> <li>failed sender verification: 48</li> <li>bogus bounce messages (<a href="http://backscatterer.org/">backscatter</a> from spam): 7</li> <li>mail delivered to my inbox: 873</li> </ul> <p>Obviously, these numbers don't show the whole picture — they're only based on 10 days of activity. For example, the backscatter that I get seems to happen in waves, so it's low now, but some times, it's huge.</p> <p>So in all, in the past 10 days, my mail server rejected 5,370 messages (compared to 3,281 from my last blog) and accepted 873 (compared to 564 from my last blog) messages. I also have another layer of spam filtering when I fetch the mail from my server.</p> <p>So, spam volumes are up by about 1.6 times. General mail volume is also up — I'm subscribed to a few more mailing lists.</p> <p>Changes to my filtering setup since last time include:</p> <ul> <li>using DNSBLs: this drops a lot of spam, as you can see, and reduces the load on my server (since they only require a DNS lookup, and don't need to be content scanned</li> <li>lowering the threshold for SpamAssassin</li> <li><a href="http://slett.net/spam-filtering-for-mx/exim-sign.html">signing my outgoing envelope sender</a>, so that I can reject bogus bounces</li> <li>enabling sender verification</li> <li>enabling <a href="http://www-uxsup.csx.cam.ac.uk/~fanf2/hermes/doc/antiforgery/csa.html">client SMTP authorization</a>: it doesn't make a showing in these stats, but it drops a few spam here and there. I wish more people would publish CSA records. It's an easy check for spoofing, and a dead giveaway if it fails. It just isn't very well known.</li> </ul> <p>I've also started reporting some spam via <a href="http://www.spamcop.net/">spamcop</a>.</p> </div>