Message-ID: <4D849C13.1010107@meetinghouse.net>
Date: Sat, 19 Mar 2011 08:05:39 -0400
From: Miles Fidelman
To: users@spamassassin.apache.org
Subject: Re: Microsoft brings down major fake drug spam network

Michelle Konzack wrote:
> Hello Bill Landry,
>
> On 2011-03-18 15:11:47, you hacked down the following:
>
>> No wonder I have seen such a huge drop in spam the past few days:
>>
> ??? I get 18-26 million spams (36 servers with 96.000 users) per day and
> nothing has changed. Please read the news (not only one) more carefully
>
>
>> http://timesofindia.indiatimes.com/tech/enterprise-it/security/Microsoft-brings-down-major-fake-drug-spam-network/articleshow/7734903.cms
>>
>> Anyone else been noticing the decrease in spam?
>>
> No, because there are more than one Botnet of this size now...
>
>

Absolutely yes.

Context:

- I run a bunch of medium sized, private, email lists on my servers, I'm list admin for most, postmaster for all
- I've got a dozen or so personal email addresses, some of which date back 30+ years (to ARPANET days)
- most of these addresses are highly visible
- I'm also on a ridiculous number of email lists
- all of my mail ultimately gets aggregated into one account, then auto-sorted by a bunch of procmail rules
- I've got pretty much a stock postfix/spamassassin/clamav setup, with rules kept up-to-date
- I don't run IP based blocklists - too many false positives
- I let spam through to my account, then use rule-based filters to send mail with high scores to /dev/null, then use my eyeballs to delete what's left (between avoiding false positives, and keeping track of spam trends, the couple of minutes a day to do this seems worth it)

In this context, for the past year or so, I've been averaging 12,000 or so emails per day arriving at my mailbox, which break down as follows:

- 9000 or so to /dev/null
- 1000 or so bounce messages, server admin messages, and such - almost all of which are either bounceback spam, or spam-related error messages (e.g., the result of spam sent to list admin addresses)
- 1000 or so to a spam folder (high spam score, but not high enough to send right to /dev/null) - easy to eyeball and delete, a couple of false positives a week, sometimes a really important one (and sometimes a really important one that I delete by accident)
- 500 or so messages from various email lists - mostly legitimate, most of which I ignore for lack of time
- 500 or so messages that get to my general inbox - of which some are for lists that I don't send to other folders, 50 or so legitimate messages, and a good amount are spam that doesn't get caught anywhere else

As of two weeks ago, I saw a noticeable drop in the total number of incoming messages per day - from 12,000 to around 8,000, and this has stayed steady now. A drop of a third is definitely significant.

My sense is that this has mostly been in the category of things that went directly to /dev/null. The amount of mail I manually eyeball does not seem to have changed that much - though this is mostly a subjective judgment, I haven't been tracking the statistics, other than noting them in my daily log report.

One other datapoint: My outgoing mail queue seems to have a lot fewer messages that get stuck (the remaining spam that gets through all the filters, that gets rejected remotely and requeued).

--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra