ietf-mxcomp
[Top] [All Lists]

Re: by the numbers

2004-09-24 05:26:33

Based on these numbers, the item of interest was the growth rate:

Between 4/20 and 9/12, you had a growth rate of 68 new SPF spammers per day.

This is just with two states, so it would be interesting to see the
acceleration with more collection points.  I suggest a weekly or monthly
collection to see this pattern.

Nevertheless, overall, its not good to see this, especially, if that rate
does not go down over time.  However, fortunately, in my analysis, most
systems experience a segment of the spammer base.  In other words, I'm only
the basically the same systems or same pattern of systems using spoofs.

What I find extremely interesting is that these systems don't seem to be
learning from a programmatic standpoint, only administratively by adding the
domains.  In other words,  my rejects are pretty constant with the same
information, over and over and over again.  They might go away for a few
days or week, but soon enough they are back with the same type of
information that gets them rejected.

Sincerely,

Hector Santos, CTO
Santronics Software, Inc.
http://www.santronics.com
305-431-2846 Cell
305-248-3204 Office



----- Original Message -----
From: "wayne" <wayne(_at_)midwestcs(_dot_)com>
To: "IETF MARID WG" <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Thursday, September 23, 2004 9:46 PM
Subject: Re: by the numbers



Attached you will find a survey that Marcos Sanz and I did of com,
net, and de.


I've had a couple of requests for more raw data about what TXT records
are out there and SPF records in particular.  So, I've finished up a
couple of surveys and lightly munged the data to keep spammers from
collecting domain names.  You can find the raw data at:

http://www.midwestcs.com/spf/surveys/

The "spammerlist" files are the domains found in a spammers list of
email addresses.  There were about 1.3 million unqiue domain names
used by the spammer.  The list was old when I got it about a year and
a half ago and the spammer never bothered to clean up obviously bogus
domain names, so the actual number of valid domain names is much less
than 1.3 million, maybe as few as 500k.  I have not bothered to clean
up the list because I use it for testing SPF stuff.  Even if the email
addresses have bogus domains, I expect spammers to send email claiming
to be from them so I need to make sure that my SPF system can deal
with them.

Files ending in "spf" are the unique SPF records found.  Files ending
in "txt" are summaries of the TXT records found.


Let me know if you have questions.


-wayne





<Prev in Thread] Current Thread [Next in Thread>