OT: extraordinary amount of spam to one domain

Steve Freegard steve.freegard at fsl.com
Tue Dec 22 10:36:05 GMT 2009


On 22/12/09 10:13, Jeff Mills wrote:
> I have one domain that is consuming over 90% of the traffic to our servers.
> Yesterday we blocked 650,000 emails at the MTA and 600,000 of them were
> for a single domain (we host around 50).

This is pretty much the norm with most sites I look after.  The number 
of messages rejected at the MTA usually far exceeds the number of 
messages accepted.

> The ones that are getting through the MTA seem to be picked up by
> MailScanner - the vast majority with a subject such as "User <random
> username> special 80% OFF"

That's all botnet generated junk.

> My mail logs are just a blur. If we had just one other domain doing the
> same thing, I'm sure we wouldn't handle the load.
> How can a single domain be such a target? Mind you, this is a domain
> with less than 10 users.

The number of users at the domain doesn't usually have any relevance to 
the amount of spam it receives.  It's usually the domain age and how it 
has been used in the past.

> Is it just unlucky? Is anyone else experiencing this?
>

Just unlucky I guess - but I'd say you're lucky that you don't see this 
on the other domains.

As long as you're blocking it at the MTA; it really doesn't matter as 
MTA level stuff is cheap.

Regards,
Steve.



More information about the MailScanner mailing list