Hello,
Since McColo closed, we noticed the spam was far more intensive than before.
However, it seems the amount of spam is similar than than before.
Do you feel the same ?
Many thanks,
RO
Revolver Onslaught wrote:
Hello,
Since McColo closed, we noticed the spam was far more intensive than before.
However, it seems the amount of spam is similar than than before.
Do you feel the same ?
Many thanks,
RO
I've been getting an fair number of e-mails (up from zero) from customers asking about spam they are getting with their e-mail address being in the From: address. I know that this has always been happening, I'm just wondering if it's been buried under the McColo stuff so they are just noticing it.
Very stange. I could notice our Spamhaus rejects were the same as before....
Dave Larter a �crit :
Jeff Shultz wrote
I've been getting an fair number of e-mails (up from zero) from customers asking about spam they are getting with their e-mail address being in the From: address. I know that this has always been happening, I'm just wondering if it's been buried under the McColo stuff so they are just noticing it.
Yes I have been getting a lot of that as well. Subject order status.
Is that an off the shelf tool or custom built?
Same here, with the same subject. Picked up only recently.
And delivered spam is about the same too. This is just spam I receive, May was when I brought our new smtp gateways online.
spam.xls (35.5 KB)
It Symantec SMTP gateway v smssmtp501-2007-11-07_02
I have setup another new version Symantec Brightmail Gateway 7.7 product
which is in the config stage and only handling a few test domains right
now.
Sorry, and we have the premium spam add-on too.
We are still significantly below the volume we had before McColo got
shut down as well. See attached.
On a side note, each horizontal line is 50,000 messages received, each
color is a class of email received (i.e. blocked due to bad recipient,
blocked due to the sender, blocked due to the content of the email,
etc.).
Before being shut down we accepted about 1000 emails out of 200,000+
emails a day. Yesterday we only received 50,000 emails delivered total
but accepted a similar amount (as expected).
Mick
spam_chart.bmp (586 KB)
We have not seen any decrease. In the last 24 hours we have seen 3.5
million messages blocked.
-Mike
I thought it was mostly control servers....I doubt any 'botnet master'
would hardcode an IP address of a server without some sort of backup
using some domains that they can always change the DNS on. They update
that and the bots will then start connecting to the new 'control
servers' and thus spam would come from them. Also did the spam really
'stop' or were they just not able to now get updates from their control
servers...those infected I imagine are still sending the spam....
-r
Seen behind my ISP (gmx.de),
I get almost no spam. Looking into the spam folder I
see some 10% of what I used to see.
On the other other hand when they closed I got an
alarm for my homepage. I got so many wordbooks on
my ssh that they exceeded my traffic limit.
I had to move my sshd to IPv6 only to get rid of them.
Admin friends told me the wordbook attacks are down
again but at the same time spam went up although not
as much as it used to be.
I have been watching some 10 mailboxes seeing the
same results.
Kind regards
Peter
Revolver Onslaught wrote: