ietf-asrg

Re: [Asrg] Need to know

2003-05-27 13:31:24
On Tue, May 27, 2003 at 12:49:41AM -0700, Scott Nelson wrote:
> Still, if we knew the average number of recipients for spam
> messages currently, and the average number for non-spam,

I used the maillog of one of our mailservers of the last 22 hours.
It saw
    128582      RCPT TO commands in
    110709      connections
(the data is cleaned of 5 customers that did newsletter injects today
that consisted of about 100-250 recipients per connection).

Please note that this mailserver is used by our customers as an outgoing
relay and also by external users as a MX host. If you think this will
make the data inaccurate I could try to filter out our customers to
get better figures.

The distribution is
    102252 1    (aka 102252 times 1 recipient per connection)
      4562 2
      1983 3
       674 4
       435 5
       351 6
       132 7
       109 8
       101 10
        52 9
        16 13
         9 15
         9 12
         8 11
         3 16
         3 14
         2 17
         1 74
         1 70
         1 65
         1 41
         1 26
         1 25
         1 22
         1 20
If I only use those hosts that weren't
    a) rejected for sender address blocks (spam)
    b) rejected for recipient address blocks (spam)
    c) tagged because listed with DNSBLs
the distribution is
    66269 1
     2781 2
      575 3
      248 4
      125 5
       84 6
       54 7
       54 10
       39 8
       21 9
        4 13
        3 15
        3 12
        3 11
        2 16
        1 22
        1 17
        1 14
The distribution for all "spam" classified emails is:
    35983 1
     1781 2
     1408 3
      426 4
      310 5
      267 6
       78 7
       70 8
       47 10
       31 9
       12 13
        6 15
        6 12
        5 11
        2 14
        1 74
        1 70
        1 65
        1 41
        1 26
        1 25
        1 20
        1 17
        1 16

What is pretty interesting is that one host
    md080081101018cl.neo-sky.com:80.81.101.18
first attacked in single connects with changing sender addresses
    <offer(_dot_)(_dot_)(_at_)aol(_dot_)com>
and different target domains for about 3 hours, then it switched to
a 74 messages bulk inject to addresses [a-m]*@ at one single domain
from the sender address <offereo(_at_)aol(_dot_)com> and 5 minutes later it fell
back to single connects (that still continue).

Hope this is kinda what you are looking for.

As a conclusion I'd say that due to the fact that 79.52% of the emails
already came in single recipient connections, limiting SMTP conversations
to single recipients would
a) have minimal impact on the mail structure of the Internet
b) have minimal impact on the success of spammers

        \Maex

-- 
SpaceNet AG            | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development |       D-80807 Muenchen    | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
 proportional to the amount of vacuity between the ears of the admin"
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
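
The following is an added example, not part of the original message: it recomputes the summary figures from the non-spam and spam histograms posted above and counts how many additional connections a per-connection recipient cap would force in each class. The function names `parse`, `summarize` and `extra_connections` are introduced here for illustration.

```python
from collections import Counter

# Histograms copied from the message above, as "connections recipients" pairs.
NON_SPAM = ("66269 1, 2781 2, 575 3, 248 4, 125 5, 84 6, 54 7, 54 10, 39 8, 21 9, "
            "4 13, 3 15, 3 12, 3 11, 2 16, 1 22, 1 17, 1 14")
SPAM = ("35983 1, 1781 2, 1408 3, 426 4, 310 5, 267 6, 78 7, 70 8, 47 10, 31 9, "
        "12 13, 6 15, 6 12, 5 11, 2 14, 1 74, 1 70, 1 65, 1 41, 1 26, 1 25, "
        "1 20, 1 17, 1 16")

def parse(text):
    """Return Counter {recipients_per_connection: number_of_connections}."""
    hist = Counter()
    for pair in text.split(","):
        connections, recipients = map(int, pair.split())
        hist[recipients] += connections
    return hist

def summarize(hist):
    """Totals and single-recipient shares for one histogram."""
    connections = sum(hist.values())
    recipients = sum(r * n for r, n in hist.items())
    return {
        "connections": connections,
        "recipients": recipients,
        "mean_rcpt_per_conn": recipients / connections,
        "single_conn_share": hist[1] / connections,   # share of connections
        "single_rcpt_share": hist[1] / recipients,    # share of RCPT TO commands
    }

def extra_connections(hist, cap):
    """Additional connections needed if each may carry at most `cap` recipients."""
    # -(-r // cap) is ceil(r / cap): connections needed for r recipients.
    return sum(n * (-(-r // cap) - 1) for r, n in hist.items())

NON_SPAM_HIST, SPAM_HIST = parse(NON_SPAM), parse(SPAM)
ALL_HIST = NON_SPAM_HIST + SPAM_HIST  # the two classes add up to the full table

if __name__ == "__main__":
    for name, hist in (("all", ALL_HIST), ("non-spam", NON_SPAM_HIST),
                       ("spam", SPAM_HIST)):
        s = summarize(hist)
        extra = extra_connections(hist, 1)
        print(f"{name:9} conns={s['connections']:6} rcpts={s['recipients']:6} "
              f"mean={s['mean_rcpt_per_conn']:.3f} "
              f"1-rcpt conns={s['single_conn_share']:.2%} "
              f"rcpts in 1-rcpt conns={s['single_rcpt_share']:.2%} "
              f"extra conns at cap 1={extra} (+{extra / s['connections']:.1%})")
```

The summed histograms reproduce the 110709 connections and 128582 RCPT TO commands quoted in the message, and the 79.52% figure is the share of RCPT TO commands that arrived in single-recipient connections.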