-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin Hepworth wrote:
> > Hamie wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >> >> Martin Hepworth wrote: >> >> >>> >>> >>> Fred wrote: >>> >>> >>>> Ben Hanson wrote: >>>> >>>> >>>>> Shortly after the first of the year, I noticed the >>>>> percentage of spam messages for our organization dropped >>>>> consistently by 10-15%. Ben >>>> >>>> >>>> >>>> >>>> I see between 83-85% spam. We use SARE rules + my own >>>> home-brew rules + the new BLACK uribl lists + unreleased SARE >>>> rules. In the past 24 hours the numbers are: spam-reject >>>> 55,967 mail-in 11,089 total-mail 67,056 >>>> >>>> Viruses not included in this count, it would skew things due >>>> to the recent increase in new viruses lately. >>>> >>>> http://www.rulesemporium.com might have some helpful rules >>>> for you to add to your setup. >>>> >>>> On another topic, I see just as many user-unknowns as I >>>> reject spam. That's cause we are an ISP and customers like to >>>> switch stuff around often ;) >>>> >>>> Frederic Tarasevicius Internet Information Services, Inc. >>>> http://www.i-is.com/ 810-794-4400 >>>> >>> >>> Fred >>> >>> 70% of my inbound traffic is for unknown users, 20% >>> spam/malware and 10% real mail. >>> >> >> >> How do you count 'unknown users'? Accurately I mean... >> > I can examine the reject log in exim to get counts. > >> Assuming you don't accept email in the first place if the user is >> unknown (Or you might I guess, but it seems like un-necessary >> processing to me) most spammers that I can see in our logs just >> keep re-trying again & again & again... >> > > yes, but given 70% of my inbound traffic is a pretty constant > figure I'm not seeing this. > > also rejecting 70% of my traffic on MTA connection the small amount > of proocessing to lookup valid email address is way way less than > having to SA scann all these emails. > Ah yeah... That's what I meant. I re-read my sentence. I may have been ambiguous & made it look like I considered validating the addresses to be un-necessary. >> For example on our mail server I reject far more than I accept. >> Yet the rejects are in most cases repeated. As spammers appear to >> be a thick bunch & don't take a 5xx very well. >> >> Currenty I have 'discussions' with various people round here over >> the fact that we 'only' catch about 5-10% of our total accepted >> email in SA as spam, yet MessageLabs et al always like to quote >> the (To me) alarmist figures of 80% email is spam etc. But then >> we reject email from un-verified addresses and don't accept email >> for unknown users at the border MTA, not at SA. (And so don't >> have an accurate count of them). >> >> H >> > > lucky you, even taking out the uknown users I'm running 75% spam on > my inbound. > The only thing I can think of (Since I can't see 70% of delivered mail being spam) is that I have a user population that doesn't get spammed very much. Probably because most of them only have an internet presence for business emails & nothing else. Thus their mail addresses don't get harvested. Plus the sender validation of course. That seems to block a lot of inbound spam. H -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.0 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCjF6p/3QXwQQkZYwRAlStAKCsTq1XF8E0ZAukcoz+wtW5ysqFLQCeLuQt Fk5vJNeKyrG+Ndo+mSczw+4= =gv57 -----END PGP SIGNATURE-----
