This page documents the amount of spam I'm getting ... in short, far too much.
There are a number of 'addresses' feeding into this spam archive. One is a single personal address served by a mail server with a high level of spam control. Another is an old personal ISP mail account. The other two are domains which forward all addresses into the address which feeds this archive; one of which is now redundant but which lives on as a proportion of this archive. Finally there is the domain which I run myself which is relatively new.
I make no effort to hide the email addresses, and in fact my current address is published on the web. This may seem daft, but I'll be dammed if I let the spammers push me into hidding.
The script that generates the report is fairly simple and written in Python; it makes use of Ploticus to generate the graphs. It is a very simple script that is not worth publishing especially as it is very setup dependent (and depends on MH mailboxes).
I am currently 'refreshing' the script that generates this page so things may be broken from time to time. Note that any references to 'injection IP address' is very new and may well be completely wrong, but refers to the IP address where the spam was inserted into the mail system.
| Date report was generated | 2008-06-07 |
|---|---|
| Total number of messages | 220551 |
| Total size of archive | 1 Gbytes |
| Average size of each spam | 6 Kbytes |
| Number of days for which email was archived | 1826 |
| Average number of spams per day | 120 |
| Number of Injection point IP addresses | 88423 |
The average size looks high for email, but a distribution graph (too boring to include) shows that only a very small number are large in size; the vast majority are small. However there is a slow increase over time ... a symptom of spammers using more images to avoid text analysis blocking.
Officially the overall number of spams per day has an average of around 80; however this is consistently climbing. In fact the end of the graph I am looking at is consistently higher ... more like an average of 200 a day. Some of this increase may have something to do with an occasional message sent to SPAM-L ... spammers are known to do this. However it is probable that the amount of spam is simply growing.
Above shows the size (in Kbytes) of the spam received each day. Just shows how much disk space and bandwidth is wasted by one victim.
Above shows the average size of spam per day. Previously I claimed that it was odd that we were not seeing a gradual increase over time. However it is plain that the increase is here ... cause by spammers starting to use images to get past text blocks. Indeed the images that the spammers are using are intentionally made difficult for OCR software to scan.
This graph shows the average SpamAssassin score over time. I believe that this graph is dominated by local factors ... when SpamAssassin was upgraded, when the Bayes database was purged, etc.
The following table is a list of what appears to be the address the spammer sent to, and the number of spams that recipient received. The ones show emphasised have been used by myself at times in the past.
| Recipient | Count | very@zonky.org | 31854 |
|---|---|---|---|
| contact@zonky.org | 7420 | ||
| hmv@meredithm.fsnet.co.uk | 4762 | ||
| hmv@port.ac.uk | 4417 | ||
| mike@blackhairy.demon.co.uk | 1732 | ||
| root@zonky.org | 906 | ||
| mv@meredithm.fsnet.co.uk | 302 | ||
| mike@redhairy1.demon.co.uk | 170 | ||
| sales@zonky.org | 143 | ||
| unknown@blackhairy.demon.co.uk | 126 | ||
| feedback@zonky.org | 123 | ||
| info@zonky.org | 107 | ||
| billing@zonky.org | 105 | ||
| mail@zonky.org | 88 | ||
| help@zonky.org | 84 | ||
| service@zonky.org | 80 | ||
| test@zonky.org | 74 | ||
| support@zonky.org | 73 | ||
| guest@zonky.org | 71 | ||
| uucp@zonky.org | 70 | ||
| accounts@zonky.org | 70 | ||
| advertising@zonky.org | 67 | ||
| clara@zonky.org | 66 | ||
| orders@zonky.org | 61 | ||
| ozaetatasr@zonky.org | 61 | ||
| home@zonky.org | 60 | ||
| keudglxlzewxffs@zonky.org | 60 | ||
| y@zonky.org | 60 | ||
| aytekin217@zonky.org | 60 | ||
| landus850@zonky.org | 60 | ||
| harpal_prince@zonky.org | 60 | ||
| xqikgizzfpgzjyyp@zonky.org | 59 | ||
| rozannne@zonky.org | 59 | ||
| asonkirchmar@zonky.org | 59 | ||
| qadpeyicejghoktwuty@zonky.org | 59 | ||
| accounting@zonky.org | 59 | ||
| krystyl919@zonky.org | 59 | ||
| simosodano@zonky.org | 59 | ||
| holdenjunaid@zonky.org | 59 | ||
| blanekoc@zonky.org | 58 | ||
| raney_jakopic@zonky.org | 58 | ||
| irwin@zonky.org | 57 | ||
| cole@zonky.org | 57 | ||
| lipinskikqbgx@zonky.org | 57 | ||
| majordomo@zonky.org | 57 | ||
| henri381@zonky.org | 57 | ||
| deniss554@zonky.org | 57 | ||
| breknoergaard@zonky.org | 57 | ||
| marigoni@zonky.org | 57 | ||
| theresa_moayyedfar@zonky.org | 56 | ||
| noackhhm@zonky.org | 56 | ||
| lanning@zonky.org | 55 | ||
| latta@zonky.org | 54 | ||
| marx@zonky.org | 54 | ||
| masood925@zonky.org | 54 | ||
| vanessaliebman@zonky.org | 54 | ||
| floyd757@zonky.org | 53 | ||
| hoogakker@zonky.org | 53 | ||
| inkrotthroy@zonky.org | 53 | ||
| jaclyn770@zonky.org | 53 | ||
| dualkeay@zonky.org | 52 | ||
| leandrojhdsjk@zonky.org | 52 | ||
| jureckildh@zonky.org | 52 | ||
| lippel@zonky.org | 51 | ||
| nielsen@zonky.org | 50 | ||
| eolmtcvgavjrvedejw@zonky.org | 50 | ||
| webmaster@zonky.org | 49 | ||
| maigue@zonky.org | 49 | ||
| nunzio259@zonky.org | 49 | ||
| karrie278@zonky.org | 49 | ||
| donna@zonky.org | 45 | ||
| mchale@zonky.org | 45 | ||
| jakopic@zonky.org | 44 | ||
| prince@zonky.org | 44 | ||
| haydeemaria@zonky.org | 40 | ||
| moayyedfar@zonky.org | 38 | ||
| admin@zonky.org | 36 | ||
| lanciault@zonky.org | 36 | ||
| mike | 29 | ||
| hmv@blackhairy.demon.co.uk | 21 | ||
| ontact@zonky.org | 18 | ||
| postmaster@zonky.org | 15 | ||
| administrator@zonky.org | 13 | ||
| shih.nielsen@zonky.org | 8 | ||
| tanis.mchale@zonky.org | 7 | ||
| cufta.marx@zonky.org | 7 | ||
| 200210151834.04998.mike@blackhairy.demon.co.uk | 7 | ||
| ery@zonky.org | 7 | ||
| info@blackhairy.demon.co.uk | 6 | ||
| msm@redhairy1.demon.co.uk | 5 | ||
| christ.lippel@zonky.org | 5 | ||
| 200205011755.24920.hmv@meredithm.fsnet.co.uk | 4 | ||
| 200211012217.51126.mike@blackhairy.demon.co.uk | 4 | ||
| 200205011902.19762.hmv@meredithm.fsnet.co.uk | 4 | ||
| meredithm@csovax.portsmouth.ac.uk | 3 | ||
| fxfxfxfxfxxfxfxfxfxfxfxfxfxfxfxfxfxfxfxfxffxfxfxfxfxfxfxfx@blackhairy.demon.co.uk | 3 | ||
| 200211092325.40547.mike@blackhairy.demon.co.uk | 2 | ||
| ddb@blackhairy.demon.co.uk | 2 | ||
| hzv@meredithm.fsnet.co.uk | 2 | ||
| nbca@blackhairy.demon.co.uk | 2 | ||
| yndxenm@blackhairy.demon.co.uk | 2 | ||
| mike.meredith@port.ac.uk | 2 | ||
| 200212032309.45390.mike@blackhairy.demon.co.uk | 1 | ||
| thornbere@cv.port.ac.uk | 1 | ||
| postmaster@meredithm.fsnet.co.uk | 1 | ||
| weavingdj@cv.port.ac.uk | 1 | ||
| dianjugilman@zonky.org | 1 | ||
| mikemeredithathomehmv@meredithm.fsnet.co.uk | 1 | ||
| 200210061227.18993.mike@blackhairy.demon.co.uk | 1 |
Interestingly this shows that the spammers do not just target addresses that they have obtained by web scraping or by even more dubious means, but will send out to guessed at addresses. Interestingly it seems that the software with the 'off by one' error that resulted in mv@meredithm.fsnet.co.uk (i.e. chopped off the first character of the address) is no longer in use ... my newer addresses aren't being chopped.