[LINK] Spam, Virus and Trojans - Statistics

Adam Todd link at todd.inoz.com
Mon Jan 1 15:22:30 AEDT 2007


Hi all.  Just in keeping with the current thread on SPAM, I've been doing 
my usual cleaning up of my Eudora Mail Boxes (thank goodness they are mbox 
format!) and have some summary statistics to announce :)

I filter inbound mail at my mail server, at my delivery point and within 
Eudora.  The goal is that only genuine mail gets to me.  Mail lists are all 
subscribed to with a unique email address specific to that list, and I use 
unique addresses for most business contacts.  Only people I converse with in 
private are consolidated into generic user addresses such as "adam@".

Many links I see use my addresses in domains todd.inoz.com and ah.net which 
is kinda interesting.

In December 2004 I implemented TMDA (Challenge/Response) on my mail server 
and applied it to two of my accounts.  I have a bypass account that isn't 
processed by TMDA.

I use a virtual mail system managed by Sendmail.  So each unique address 
is pointed to a local delivery address or mechanism.  I haven't done a 
parse over the virtual tables to see how many addresses are listed or what 
proportion of addresses go to which delivery point.  If anyone is 
interested, email me and I'll update the data.

The results are of those trapped or filtered but retained within 
Eudora.  Many are probably rejected at the initial connection for delivery.

VIRUS
-----

I thought I'd start with Virus type emails.  Be the virus attached or 
included within the email itself.  It might run with Outlook, but as I 
don't use it I can filter it.

2005		Received 42 viruses
2006		Zero


TROJANS
-------
These are applications attached to which mostly you are invited to open the 
attachment to view or action the contents.

YEAR	MESSAGES	KB
2000	  14		18K
2001	No Records
2002	No Records
2003	No Records
2004	 355 		709K
2005	  93		567K
2006	  52		229K

** The entries in 2000, I haven't looked at, but suspect they may be 2006 
messages that have fake dates but were received in 2005 or 2006.

BLOCK
-------
These are messages that meet the criteria of unsolicited SPAM.  Unlike Craig 
Saunders who calls spam anything he didn't create himself, I do not 
consider a message from a person on a mail list I subscribe to as 
SPAM.  These are messages that relate to penis enlarging, having better sex 
with your partner, or making my boobs bigger.    I tend to think that making 
my boobs bigger might not be in my masculine best interests.  Although in 
the case of my wife, she finds the penis enlarging messages a bit odd, she 
hasn't considered a sex change.  These are messages that made it through 
ALL FILTERS.

YEAR	Messages	K
1998<	    64		   216
1999	   757		 3,283
2000	 1,086		 5,276
2001	 6,408		41,491
2002	10,765		60,701
2003	 5,825		26,280
2004/2	 2,027		 4,759	(Jan - 30 June)
2004/2  7,572		15,366	(Jul - 31 Dec)
2005/F	   543		 3,913  (Received in 2005, but Nil or fake date)
2005/2	   254		 1,313	(Jan - 30 June)
2005/2	    76		   336	(Jul - 31 Dec)
2006	 4,964		20,630	(Full year)	
2006/F	    28		   106	(Received in 2006, but Nil or fake date)

*2003 implemented broader RBL and Sendmail rejecting
*2004 Dec - implemented TMDA filtering

It's interesting to see the HUGE increase during 2006 of messages that 
bypass traditional and new design filters.


BOUNCES
-------
These are bounce notifications from the Mailer-Daemon.  Some may in fact be 
legitimate bounces from messages sent to incorrectly typed addresses on my 
server; this would be rare. Most are messages that my server may have tried 
to send back to a fake address and failed.

YEAR	Msgs	K
1998	   26	    81
1999	  210	 2,103
2000   1,020	 3,678
2001     202	   863
2002	  957	 9,890
2003	  655	 7,688
2004	1,257	 9,861
2005	6,645	33,214
2006	9,155	79,790

* A noticeable increase in bounced messages is noticed after TMDA is 
implemented which sends a message to the sender asking them to 
verify.  It's fairly conclusive that most of these messages which bypass 
Sendmail Filtering, RBL Filtering and other Anti SPAM measures getting to 
the point of delivery, are from invalid addresses.

TMDA-BOUNCE
-----------
These are messages specifically created as Bounced by TMDA software.  I 
only started collecting these in 2006.


HTML MESSAGES
-------------
I filter all messages that contain HTML.  Some are legitimate, some are 
not.  I don't have much time to spare sorting through them so generally 
look for senders I know - many are Linkers! I take out the legitimate ones, 
so they aren't included :)

YEAR	Msgs	K
2003	 7,607	27,766	
2004	23,994	85,769
2005	Missing
2006	Not Processed
....
2006	 1,028	14,776	(Mix of mostly legitimate and minimal HTML SPAM)



YEAR	Msgs	K
2006	1,491	3,292



ATTACHMENTS
-----------
Attachments are anything that didn't fit into the above.  Mostly ZIP, COM 
and some Screen Savers that weren't detected as Trojans

YEAR	Msgs	K
2004	1,508	4,071
2005	1,038	5,746
2006	1,289	4,785	(About 5% are mis-sorted messages)







