Friday, 7. May 2004
PermaLink Rolling 6 months DNSBL performance to April 2004
rolling 6 month DNSBL performance

The chart is on a linear scale this time (see also: last time) to give a clearer indication of trends.

  • ORDB omitted because the number of hits is too low to plot sensibly on a chart with this scale.
  • Every DNSBL has shown a growth in hits during the period November 2003 - April 2004
  • SORBS is the biggest gainer having grown by a factor of nearly 6. Complaints about false positives are few (and those that do happen are resolved quickly)
  • DSBL hits have doubled since November
  • Our local list continues to perform well

The same shart is shown stacked below to illustrate the overall growith in DNSBL blocking here

rolling 6 month DNSBL performance - stacked

Note the step change in February. This coincides with the start of the latest wave of mass mailing worms like the Netsky family, which propagate direct-to-MX.

This goes some way to explaining the huge growth in SORBS hits and the smaller but still very significant growth in DSBL hits. The former are probably infected machines using IPs listed on the SORBS DUL to attempt to re-propagate the worm direct-to-MX. The latter are probably newly created exploitable hosts ("zombies") being used to send spam.

Category: Spam Statistics
Technorati:
Comments :

1. Christopher Harvey07/05/2004 16:45:21


Could you tell us what order you have the DNSBLs listed in your server's config document? Clearly the order will somewhat skew the results because BLs listed first get first crack at identifying the spam source.

Currently we use only Spamhaus and Spamcop. Spamhaus shows a much higher percent of hits and is first in our list, but if I put Spamcop first in the list then its numbers look much better. Obviously lots of overlap.



2. Chris Linfoot07/05/2004 17:06:51


Not the server config, Intercept !

0 First the whitelists (local and Bonded Sender)
1 DSBL
2 SORBS (the top level zone)
3 Spamcop
4 Spamhaus (SBL-XBL)
5 ORDB (but I may take that out as it only get hit perhaps 30-50 times per month
6 Various blackholes.us zones



3. Chris Linfoot10/05/2004 08:38:04


Oops. Forgot:

0a local IP blocks
7 local name blocks



Unable to post a comment? Please read this for a possible explanation...
Add Manual Trackback
Please enter the details of the trackback post. Your trackback will not appear on the site until it has been verified. This won't be immediate, as trackbacks are validated on a scheduled basis. Be patient.











Search
Popular Categories
Blogs
Coffee and Cats
Computing Systems Fundamentals
DNSBLs
Domino Administration
Domino Whitelist
Dumb and Dumber
Flickr
IPv6
SMTP AUTH
Show n Tell
Software
Spam
Spam Statistics
T'Internet
Trunk Monkeys
Viruses and Worms
Wallace and Gromit
Whitelisting
Wii
Monthly Archive
2008
2008
2008
2008
2008
2008
Full Archive
Other stuff
Anti-Spam Tools
Misc Links
Land banking information
ClustrMaps
Locations of visitors to this page
Contact Me
email - Chris Linfoot
skypeme
Meta
Proudly powered by IBM Lotus Domino 8 Proudly powered by IBM Lotus Domino 8

Subscribe to articles Subscribe to articles feed

Subscribe to comments Subscribe to comments feed

ROR info ROR info


My Amazon wish list Wishlist


Wikio - Top Blogs - Technology
Like what I do?
Then please consider a donation to support the work of Research Autism.

Idea Jam
Planet Lotus
Dilbert