I'm not seeing anything out of the ordinary this week.
One thing of note however. When the dictionary attacks started coming in force to my domains, I saw a huge shift from static spam to zombie spam. It turns out that much of this was just simply garbage going to bad addresses. One spammer accounts for over 25% of my mail volume, all from dictionary attacks (I have about 10 domains involved with these on and off). I've also noted that there are some spammers that are repeatedly slamming their harvested lists from some of my larger domains. A 10% increase could just simply be one such spammer. There are two very high volume zombie spammers that have been attacking legit addresses on our server for at least a month now. I wouldn't be surprised to see another 5% to 10% of our volume between the two of them.
Static spammers have been more problematic for us than in the past. Primarily because these guys are using new IP space and going full force from the start. Something else that I noticed was some of the very high volume zombie spam not getting tagged by Sniffer or SURBL for over 24 hours at times, which leads me to believe that they are getting smarter and using specific payload domains across a select group of recipient domains in order to avoid detection. One spammer managed to do this repeatedly, so I'm pretty sure about that. Seems like SURBL has caused spammers to start to enhance their techniques yet again.
Matt
Colbeck, Andrew wrote:
No, I haven't seen this.
But I have meant to ask if others on the list are seeing that their spam volumes are up in the last week. I have, by a 10% increase. What I'm seeing is not more spam getting to mailboxes, just more spam volume. Viral activity has been constant.
Andrew 8)
-----Original Message-----
From: Sheldon Koehler [mailto:[EMAIL PROTECTED] Sent: Thursday, October 28, 2004 9:45 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] Spam getting through
Lately we have been seeing a lot of spam getting through passing ALL tests. We are starting to get complaints from customers on this and I wonder if we are alone in this problem or not. These are all coming in with a weight of 0, no whitelisting or any simple tests are failing (i.e. rDNS).
Sheldon
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
-- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
