[LINK] Spam, Virus and Trojans - Statistics
Adam Todd
link at todd.inoz.com
Mon Jan 1 15:22:30 AEDT 2007
Hi all. Just in keeping with the current thread on SPAM, I've been doing
my usual cleaning up my Eudora Mail Boxes (thank goodness they are mbox
format!) and have some summary statistics to announce :)
I filter inbound mail at my mail server, at my delivery point and within
Eudora. The goal is that only genuine mail gets to me. Mail lists are all
subscribed to with a unique email address specific to that list, I use
unique addresses for most business contacts. Only people I converse with in
private are consolidated into generic user addresses such as "adam@".
Many links I see use my addresses in domains todd.inoz.com and ah.net which
is kinda interesting.
In December 2004 I implemented TMDA (Challenge/Response) on my mail server
and applied it to two of my accounts. I have a bypass account that isn't
processed by TMDA.
I use a virtual mail system managed by Sendmail. So each unique address
is pointed to a local delivery address or mechanism. I haven't done a
parse over the virtual tables to see how many addresses are listed or what
proportion of addresses go to which delivery point. If anyone is
interested, email me and I'll update the data.
The results are of those trapped or filtered but retained within
Eudora. Many are probably rejected at the initial connection for delivery.
VIRUS
-----
I thought I'd start with Virus type emails. Be the virus attached or
included within the email itself. It might run with Outlook, but as I
don't use it I can filter it.
2005 Received 42 virii
2006 Zero
TROJANS
-------
These are applications attached to which mostly you are invited to open the
attachment to view or action the contents.
YEAR    MESSAGES    KB
2000    14          18K
2001    No Records
2002    No Records
2003    No Records
2004    355         709K
2005    93          567K
2006    52          229K
** The entries in 2000, I haven't looked at, but suspect they may be 2006
messages that have fake dates but were received in 2005 or 2006.
BLOCK
-------
These are messages that meet the criteria of unsolicited SPAM. Unlike Craig
Saunders who calls spam anything he didn't create himself, I do not
consider a message from a person on a mail list I subscribe to as
SPAM. These are messages that relate to penis enlarging, having better sex
with your partner, or making my boobs bigger. I tend to think that making
my boobs bigger might not be in my masculine best interests. Although in
the case of my wife, she finds the penis enlarging messages a bit odd, she
hasn't considered a sex change. These are messages that made it through
ALL FILTERS.
YEAR      Messages    K
1998<     64          216
1999      757         3,283
2000      1,086       5,276
2001      6,408       41,491
2002      10,765      60,701
2003      5,825       26,280
2004/2    2,027       4,759     (Jan - 30 June)
2004/2    7,572       15,366    (Jul - 31 Dec)
2005/F    543         3,913     (Received in 2005, but Nil or fake date)
2005/2    254         1,313     (Jan - 30 June)
2005/2    76          336       (Jul - 31 Dec)
2006      4,964       20,630    (Full year)
2006/F    28          106       (Received in 2006, but Nil or fake date)
*2003 implemented broader RBL and Sendmail rejecting
*2004 Dec - implemented TMDA filtering
It's interesting to see the HUGE increase during 2006 of messages that
bypass traditional and new design filters.
BOUNCES
-------
These are bounce notifications from the Mailer-Daemon. Some may in fact be
legitimate bounces from messages sent to incorrectly typed addresses on my
server, this would be rare. Most are messages that my server may have tried
to send back to a fake address and failed.
YEAR    Msgs     K
1998    26       81
1999    210      2,103
2000    1,020    3,678
2001    202      863
2002    957      9,890
2003    655      7,688
2004    1,257    9,861
2005    6,645    33,214
2006    9,155    79,790
* A noticeable increase in bounced messages is noticed after TMDA is
implemented which sends a message to the sender asking them to
verify. It's fairly conclusive that most of these messages which bypass
Sendmail Filtering, RBL Filtering and other Anti SPAM measures getting to
the point of delivery, are from invalid addresses.
TMDA-BOUNCE
-----------
These are messages specifically created as Bounced by TMDA software. I
only started collecting these in 2006.
HTML MESSAGES
-------------
I filter all messages that contain HTML. Some are legitimate, some are
not. I don't have much time to spare sorting through them so generally
look for senders I know - many are Linkers! I take out the legitimate ones,
so they aren't included :)
YEAR    Msgs      K
2003    7,607     27,766
2004    23,994    85,769
2005    Missing
2006    Not Processed
....
2006    1,028     14,776    (Mix of mostly legitimate and minimal HTML SPAM)
YEAR    Msgs      K
2006    1,491     3,292
ATTACHMENTS
-----------
Attachments are anything that didn't fit into the above. Mostly ZIP, COM
and some Screen Savers that weren't detected as Trojans.
YEAR    Msgs     K
2004    1,508    4,071
2005    1,038    5,746
2006    1,289    4,785    (About 5% are mis-sorted messages)
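
Per-year message and size totals like the tables in this post, including the "/F" rows for a nil or fake date, can be produced from an mbox file by comparing each message's Date header with the delivery timestamp on its mbox "From " line. This is an added example, not the poster's own script; the sample messages, the one-year tolerance and the function names are assumptions.

```python
import mailbox, pathlib, tempfile, time
from collections import defaultdict
from email.utils import parsedate_to_datetime

# Constructed sample mbox (not data from the post): delivered 2006, one forged Date, one missing.
SAMPLE_MBOX = (
    "From a@example.com Tue Mar  7 10:00:00 2006\nFrom: a@example.com\n"
    "Date: Tue, 07 Mar 2006 10:00:00 +1100\nSubject: ok\n\nbody one\n\n"
    "From b@example.com Wed Mar  8 11:00:00 2006\nFrom: b@example.com\n"
    "Date: Sat, 01 Jan 2000 00:00:00 +0000\nSubject: forged date\n\nbody two\n\n"
    "From c@example.com Thu Mar  9 12:00:00 2006\nFrom: c@example.com\n"
    "Subject: no date\n\nbody three\n\n"
)

def envelope_year(msg):
    """Year from the mbox 'From ' separator line, written at delivery time."""
    try:
        stamp = " ".join(msg.get_from().split()[1:])
        return time.strptime(stamp, "%a %b %d %H:%M:%S %Y").tm_year
    except (ValueError, AttributeError):
        return None

def header_year(msg):  # year claimed by the sender-controlled Date header
    try:
        return parsedate_to_datetime(msg["Date"]).year
    except (TypeError, ValueError):
        return None

def tally(path):
    """Return {bucket: [messages, bytes]}; bucket is 'YYYY' or 'YYYY/F'."""
    totals = defaultdict(lambda: [0, 0])
    box = mailbox.mbox(path, create=False)
    for msg in box:
        env, hdr = envelope_year(msg), header_year(msg)
        if env is None:
            bucket = "unknown"
        else:
            fake = hdr is None or abs(hdr - env) > 1  # assumption: 1-year tolerance
            bucket = f"{env}/F" if fake else str(env)
        totals[bucket][0] += 1
        totals[bucket][1] += len(msg.as_bytes())
    box.close()
    return dict(totals)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp, "sample.mbox")
        path.write_text(SAMPLE_MBOX)
        return tally(str(path))
```
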