Spam

A few weeks ago, Ryan mentioned to me that he thought I must get ridiculous amounts of spam since I have my own domain. This is true, but it may depend on how you look at it.

Do you mean spam messages in my inbox? If so, I probably receive about as much as anyone else. Since I’ve had the same e-mail address for more than twelve years, I may receive a bit more, but I’m sure it’s in the ball park.

On the other hand, do you also include all of the attempts to deliver spam? This is a far greater amount. It’s so large that I’m still surprised by it. What many don’t realize is those pesky spammers don’t bother limiting their messages to users that they know exist. Rather, they employ a shotgun approach and attempt to send mail to what I have to assume is a pre-generated list of user names. Is there a rpalibynp@alienshore.com here? No, but a spammer sent a message to this address anyway, hoping there would be such a user. Taking it a step further, would you think it likely that a seekingly random string of 24 numbers will be a valid user name? Me either, but a message to 354244253829.319917729384@alienshore.com just came in. ‘Shot in the dark’ messages to invalid users form the vast majority of message delivery attempts.

Take all of these invalid user names into account, along with other messages rejected because they had no sender address, their sender reputation scores were too high, the greylist routine temp-failed their delivery attempt and they didn’t try again, or they were temp-failed because they attempted to exceed the session limits I set, and you’ve got quite a bit of spam traffic.

20080315_spamThis chart shows the daily number of connection attempts to alienshore.com in the first two weeks of March. The colours show why the message or connection was blocked. And yes, you’re not misreading the chart if you see there were more than 42,000 connection attempts for yesterday alone. The total number of connection attempts for the two weeks represented in the chart is 424,831. This averages to 30,345 each day.

It’s ridiculous, but it continues because there’s money to be made. There have to be people who actually buy what the spammers are selling. I find it hard to believe, but the spammers would not otherwise bother.

Which colour in the chart represents non-spam mail? Don’t even bother asking because you can’t see it. The five active users on alienshore.com have never received more than a hundred messages even on the busiest day. Just 30 messages is closer to the average and this is 0.1% of the total number of connection attempts on an average day.

Still, far less spam makes it as far as my inbox than did years ago when there was less spam sent. Detection methods have improved faster than the increase in the quantity of spam sent. Although the torrent of spam is almost completely invisible to the average user, the costs of transporting it and detecting it are borne by everyone.

This entry was posted in spam. Bookmark the permalink. Trackbacks are closed, but you can post a comment.

2 Comments

  1. Des
    Posted March 16, 2008 at 06:14 | Permalink

    So what do the various colours represent? Does yellow represent the invalid email addresses?

  2. Posted March 16, 2008 at 11:44 | Permalink

    The yellow represent session limits. Since I’ve got so few users, I clamped right down. Only one session at a time per client, ten sessions per ten minutes, and other things like that. I suspect it causes many retries. The invalid users are grey, and doesn’t account for nearly the numbers I would have expected because most don’t make it through that far.

    I used to run without any session limits and the daily peak was about half what this chart shows. The device is more than capable of handling the traffic but I don’t want to go and encourage them!

Post a Comment

Your email is never published nor shared. Required fields are marked *

You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*
*