Re: [spamdyke-users] SD Stats Report #3 - more spam getting through - CORRECTION

2017-04-20 Thread Philip Rhoades via spamdyke-users

Sam,

I forgot that even though I have "365" in my logrotate.conf file, I am 
still only getting 100 days of logs . . but since the last report I have 
kept about 11 months of spam messages that were not blocked by SD in a 
mail folder - I have adjusted the spreadsheet accordingly and now since 
the last report the successfully delivered spam has only increased by 
about 2x (from 0.4% to 0.8% of all the SpamDyke lines in the logs) - see 
below:



On 2017-04-20 12:05, Sam Clippinger via spamdyke-users wrote:

Nice spreadsheet!  I don't have all the data you do, but just looking
at my mail logs going back 1 month (excluding mailing list traffic), I
gathered these reject/accept stats.  I apologize if the formatting is
messed up:

                                Count  Percent
DENIED_RDNS_RESOLVE             72413    58.29
DENIED_RDNS_MISSING             26924    21.67
ALLOWED                          6766     5.45
DENIED_SENDER_NO_MX              4730     3.81
DENIED_BLACKLIST_NAME            4630     3.73
DENIED_GRAYLISTED                3311     2.67
DENIED_RBL_MATCH                 2059     1.66
DENIED_IP_IN_CC_RDNS             1936     1.56
TIMEOUT                           776     0.62
DENIED_INVALID_RECIPIENT          457     0.37
DENIED_OTHER                      127     0.10
DENIED_IP_IN_RDNS                  71     0.06
DENIED_HEADER_BLACKLISTED          32     0.03
DENIED_SENDER_BLACKLISTED           6     0.00
DENIED_RECIPIENT_BLACKLISTED        1     0.00
Total                          124239



For the recent report I get:

102417  FILTER_RDNS_MISSING
 41317  ALLOWED
 35222  DENIED_RDNS_MISSING
 21230  DENIED_RBL_MATCH
 19200  FILTER_RBL_MATCH
  6164  FILTER_EARLYTALKER
  1878  FILTER_INVALID_RECIPIENT
  1878  DENIED_INVALID_RECIPIENT
  1347  FILTER_RELAYING
  1347  DENIED_RELAYING
  1068  DENIED_SENDER_NO_MX
  1053  FILTER_SENDER_NO_MX
   764  FILTER_RDNS_RESOLVE
   576  DENIED_RDNS_RESOLVE
   472  TIMEOUT
   290  FILTER_WHITELIST_IP
   132  ERROR(output_writeln()@log.c:104):
    28  FILTER_HEADER_BLACKLIST
    28  DENIED_HEADER_BLACKLISTED
    24  FILTER_SENDER_BLACKLIST
    24  DENIED_SENDER_BLACKLISTED
     6  FILTER_OTHER
     6  DENIED_OTHER
     2  ERROR(smtp_filter()@spamdyke.c:1721):
     2  ERROR(nihdns_mx()@dns.c:1935):
     1  ERROR(smtp_filter()@spamdyke.c:922):



Clearly I don't run a high traffic server, but:
 - Numerically, the missing/unresolvable rDNS tests appear to be the
most effective, though I haven't checked to see how many of those
rejections were for valid email addresses.
 - For my own peace of mind, blocking subject lines with the header
blacklist has been the only way to stop persistent spammers from
reaching me via outlook.com [1] and gmail.com [2], which I'm not
willing to block outright.



Right.



 - The rDNS blacklist percentage appears to be very low but it's
continually populated by my auto-blacklisting scripts and it's been
very effective against organized groups (i.e. not botnets).  Even
though I rarely add to those scripts, I'm still amazed at how many new
domains it catches every day.



Are these auto scripts available?



 - I also use another set of scripts to automatically unsubscribe my
users from "legitimate" mailing lists when they junk the messages
(Gmail does this too).  Since my users usually can't tell the
difference between "real" spam and "legitimate" spam (and they don't
care), those scripts cut down their junk mail without blocking
constantcontact.com [3] and exacttarget.com [4] (and others like
them).



Right.



To answer your questions, you can block "To: undisclosed-recipients"
with the header blacklist filter, if that's really how it appears in
the message headers.



I'll give that a shot.



Blocking emails with no "To" line in the header
isn't something spamdyke can do right now, sorry!



OK.

Thanks!

Phil.



-- Sam Clippinger

On Apr 18, 2017, at 9:36 PM, Philip Rhoades via spamdyke-users wrote:


People,

It has been almost a year since the last report - here is the
updated GD Spreadsheet:



https://docs.google.com/spreadsheets/d/1GqinPR2mA0Jz-uTZ2zVJgutpiDl62HNbn2gWGNpd7Tk/pubhtml


Unfortunately the amount of spam getting through the SD filtering,
then seen by me and being moved to the spam folder has gone up
almost five times since last year . . from the information I have
now put more stuff in the black From and To lists . .

I think the main problem is that my main email address is finding
its way on to more and more spam lists . .

How can I:

- reject mails with no "To:" address

- reject mails with a "To:" address of: "undisclosed-recipients"

Thanks,

Phil.
--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au
___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users




Links:
--
[1] http://outlook.com
[2] http://gmail.com
[3] http://constantcontact.com
[4] http://exacttarget.com


--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au

Re: [spamdyke-users] SD Stats Report #3 - more spam getting through

2017-04-19 Thread Sam Clippinger via spamdyke-users
Nice spreadsheet!  I don't have all the data you do, but just looking at my 
mail logs going back 1 month (excluding mailing list traffic), I gathered these 
reject/accept stats.  I apologize if the formatting is messed up:
                                Count  Percent
DENIED_RDNS_RESOLVE             72413    58.29
DENIED_RDNS_MISSING             26924    21.67
ALLOWED                          6766     5.45
DENIED_SENDER_NO_MX              4730     3.81
DENIED_BLACKLIST_NAME            4630     3.73
DENIED_GRAYLISTED                3311     2.67
DENIED_RBL_MATCH                 2059     1.66
DENIED_IP_IN_CC_RDNS             1936     1.56
TIMEOUT                           776     0.62
DENIED_INVALID_RECIPIENT          457     0.37
DENIED_OTHER                      127     0.10
DENIED_IP_IN_RDNS                  71     0.06
DENIED_HEADER_BLACKLISTED          32     0.03
DENIED_SENDER_BLACKLISTED           6     0.00
DENIED_RECIPIENT_BLACKLISTED        1     0.00
Total                          124239

Clearly I don't run a high traffic server, but:
- Numerically, the missing/unresolvable rDNS tests appear to be the 
most effective, though I haven't checked to see how many of those rejections 
were for valid email addresses.
- For my own peace of mind, blocking subject lines with the header 
blacklist has been the only way to stop persistent spammers from reaching me 
via outlook.com and gmail.com, which I'm not willing to block outright.
- The rDNS blacklist percentage appears to be very low but it's 
continually populated by my auto-blacklisting scripts and it's been very 
effective against organized groups (i.e. not botnets).  Even though I rarely 
add to those scripts, I'm still amazed at how many new domains it catches every 
day.
- I also use another set of scripts to automatically unsubscribe my 
users from "legitimate" mailing lists when they junk the messages (Gmail does 
this too).  Since my users usually can't tell the difference between "real" 
spam and "legitimate" spam (and they don't care), those scripts cut down their 
junk mail without blocking constantcontact.com and exacttarget.com (and others 
like them).

To answer your questions, you can block "To: undisclosed-recipients" with the 
header blacklist filter, if that's really how it appears in the message 
headers.  Blocking emails with no "To" line in the header isn't something 
spamdyke can do right now, sorry!


-- Sam Clippinger




On Apr 18, 2017, at 9:36 PM, Philip Rhoades via spamdyke-users wrote:

> People,
> 
> It has been almost a year since the last report - here is the updated GD 
> Spreadsheet:
> 
>  
> https://docs.google.com/spreadsheets/d/1GqinPR2mA0Jz-uTZ2zVJgutpiDl62HNbn2gWGNpd7Tk/pubhtml
> 
> Unfortunately the amount of spam getting through the SD filtering, then seen 
> by me and being moved to the spam folder has gone up almost five times since 
> last year . . from the information I have now put more stuff in the black 
> From and To lists . .
> 
> I think the main problem is that my main email address is finding its way on 
> to more and more spam lists . .
> 
> How can I:
> 
> - reject mails with no "To:" address
> 
> - reject mails with a "To:" address of: "undisclosed-recipients"
> 
> Thanks,
> 
> Phil.
> -- 
> Philip Rhoades
> 
> PO Box 896
> Cowra  NSW  2794
> Australia
> E-mail:  p...@pricom.com.au

___
spamdyke-users mailing list
spamdyke-users@spamdyke.org
http://www.spamdyke.org/mailman/listinfo/spamdyke-users
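
An added example (not code from either poster or from the spamdyke project) that tallies spamdyke result codes into count/percent tables like the two in this thread, and shows how a code's share changes depending on whether FILTER_* and ERROR lines are included in the total. The syslog line layout and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed syslog layout: "<date> <host> spamdyke[<pid>]: <CODE> <details>".
CODE_RE = re.compile(r"spamdyke\[\d+\]: ([A-Z_]+)")

# Constructed sample lines, not taken from either poster's logs.
SAMPLE_LOG = """\
Apr 18 03:12:01 mx spamdyke[2101]: FILTER_RDNS_MISSING ip: 203.0.113.7
Apr 18 03:12:01 mx spamdyke[2101]: DENIED_RDNS_MISSING from: a@example.net to: u@example.org origin_ip: 203.0.113.7
Apr 18 03:12:40 mx spamdyke[2107]: FILTER_RDNS_MISSING ip: 198.51.100.9
Apr 18 03:12:40 mx spamdyke[2107]: DENIED_RDNS_MISSING from: b@example.net to: u@example.org origin_ip: 198.51.100.9
Apr 18 03:13:11 mx spamdyke[2110]: ALLOWED from: c@example.com to: u@example.org origin_ip: 192.0.2.10
Apr 18 03:14:02 mx spamdyke[2115]: FILTER_RBL_MATCH ip: 192.0.2.44
Apr 18 03:14:02 mx spamdyke[2115]: DENIED_RBL_MATCH from: d@example.net to: u@example.org origin_ip: 192.0.2.44
Apr 18 03:15:30 mx spamdyke[2120]: TIMEOUT from: e@example.net to: u@example.org origin_ip: 192.0.2.77
Apr 18 03:16:00 mx spamdyke[2130]: ERROR(output_writeln()@log.c:104): constructed message text
Apr 18 03:16:05 mx qmail: 1492485365.1 status: local 0/10 remote 0/20
""".splitlines()


def is_outcome(code):
    """True for codes that record the final result of a delivery attempt."""
    return code in ("ALLOWED", "TIMEOUT") or code.startswith("DENIED_")


def tally(lines, outcomes_only=True):
    """Count spamdyke codes; optionally skip FILTER_* and ERROR lines."""
    counts = Counter()
    for line in lines:
        match = CODE_RE.search(line)
        if match and (is_outcome(match.group(1)) or not outcomes_only):
            counts[match.group(1)] += 1
    return counts


def report(counts):
    """Return (rows, total); rows are (code, count, percent), largest first."""
    total = sum(counts.values())
    if total == 0:
        return [], 0
    ordered = sorted(counts.items(), key=lambda item: (-item[1], item[0]))
    return [(code, n, round(100.0 * n / total, 2)) for code, n in ordered], total


if __name__ == "__main__":
    for label, only in (("outcome lines", True), ("all spamdyke lines", False)):
        rows, total = report(tally(SAMPLE_LOG, outcomes_only=only))
        print(f"-- {label} (total {total})")
        for code, n, pct in rows:
            print(f"{code:<28}{n:>7}{pct:>8.2f}")
```

On the sample, ALLOWED is 20% of outcome lines but 11.11% of all spamdyke lines, so percentages from two reports are only comparable when both use the same denominator.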


[spamdyke-users] SD Stats Report #3 - more spam getting through

2017-04-18 Thread Philip Rhoades via spamdyke-users

People,

It has been almost a year since the last report - here is the updated GD 
Spreadsheet:


  
https://docs.google.com/spreadsheets/d/1GqinPR2mA0Jz-uTZ2zVJgutpiDl62HNbn2gWGNpd7Tk/pubhtml


Unfortunately the amount of spam getting through the SD filtering, then 
seen by me and being moved to the spam folder has gone up almost five 
times since last year . . from the information I have now put more stuff 
in the black From and To lists . .


I think the main problem is that my main email address is finding its 
way on to more and more spam lists . .


How can I:

- reject mails with no "To:" address

- reject mails with a "To:" address of: "undisclosed-recipients"

Thanks,

Phil.
--
Philip Rhoades

PO Box 896
Cowra  NSW  2794
Australia
E-mail:  p...@pricom.com.au