Low spam detection

Julian Field MailScanner at ecs.soton.ac.uk
Wed Apr 1 20:44:54 IST 2009 

On 1/4/09 19:53, Denis Beauchemin wrote:
> Hello all,
>
> I am seeing a significant decrease in spam detection over the last 
> months and I was wondering if anyone else was seeing the same trend on 
> their servers.
>
> Here are my stats from the start of 2008:
> month       emails        spam       virus      spam%    virus%
> 2008-01    7 337 089    6 348 633     59 386    86,5%    0,8%
> 2008-02    6 203 500    5 152 249    123 029    83,1%    2,0%
> 2008-03    8 118 670    7 010 463    140 891    86,3%    1,7%
> 2008-04    7 693 698    6 569 030     98 957    85,4%    1,3%
> 2008-05    7 956 170    6 927 306     81 625    87,1%    1,0%
> 2008-06    6 342 232    5 380 464     86 449    84,8%    1,4%
> 2008-07    6 779 005    5 866 915    102 319    86,5%    1,5%
> 2008-08    7 592 171    6 687 128    123 659    88,1%    1,6%
> 2008-09    8 947 295    7 779 344    125 637    86,9%    1,4%
> 2008-10    7 092 938    5 873 751     66 896    82,8%    0,9%
> 2008-11    5 093 559    3 917 609     73 225    76,9%    1,4%
> 2008-12    4 602 584    3 519 119     44 382    76,5%    1,0%
> 2009-01    3 568 832    2 430 698     36 931    68,1%    1,0%
> 2009-02    3 253 018    2 089 179     52 037    64,2%    1,6%
> 2009-03    3 341 614    2 050 365     66 486    61,4%    2,0%
>
> My servers are quite current: RHEL 5.3, SA 3.2.5-1 with many SARE 
> rules and KAM, DCC, Pyzor and Razor, Clam 0.95 with Sanesecurity and 
> some others, and many RBLs in sendmail.
>
> Every email blocked by a RBL is counted as spam (because it probably 
> is). Emails detected by Sanesecurity et al are counted as viruses.
>
> Do you have any ideas what could account for such abysmal spam rate 
> detection? I can see the total number of emails received dropping 
> significantly in the last 6 months.  Have others seen the same?
>
> Would DefenderMX help stop more spam?
BarricadeMX probably would. However...

Are you actually letting through much more spam than you were?
We have seen overall incoming spam rates drop a lot too, but we aren't 
letting through any more spam than we used to (I see no more spam than I 
used to, and no-one has commented to me that they are getting much more 
spam than they were).
The graph here:
     http://users.ecs.soton.ac.uk/jkf/goodtcp-year.png
shows the percentage of incoming SMTP connections which turn into mail 
delivered to someone's inbox, multiplied by 100.

So if the number on the vertical axis reached 3600 (the limit of the 
graph), then that would mean that 36% of SMTP connections resulted in a 
message arriving in someone's inbox, and hence 64% of connections 
resulted in the connection being dropped at SMTP time or the message 
being refused/dropped by MailScanner.

As you can see over the past year, the amount of spam reaching us has 
dropped a lot. Remember that back last November the McColo spamming colo 
centre was shut down, this resulted in a marked drop in global spam 
quantities.

This is from a sample of about 800,000 incoming SMTP connections per day.

Jules

-- 
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

MailScanner customisation, or any advanced system administration help?
Contact me at Jules at Jules.FM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
PGP public key: http://www.jules.fm/julesfm.asc


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the MailScanner mailing list