The bad news is that despite the United States "CAN Spam" act taking effect on January 1st, the spam flow is still the same as it was before CAN Spam. The good news is that this is the first month in years that the amount of spam did not increase. However, that may be due to the spammers spending a lot of time creating new viruses (which they use to get a fresh source of new computers to send from), which is bad, as it suggests a lot more spam in the near future.
The following is a list of tests that we run against the E-mails arriving at the spamtraps, and what percentage of the spam they caught (it may be easier to read if you use a fixed-width font):
WEIGHT10        99.41%
NOLEGITCONTENT  95.60%
WEIGHT20        95.51%
SNIFFER         95.26%
SPAMCHK         92.29%
IPNOTINMX       91.38%
SPAMCOP         81.36%
CMDSPACE        78.74%
MAILDEFLECTOR   70.07%
DSBLALL         60.08%
DSBL            59.98%
CBL             57.46%
BLARSBL         54.72%
FIVETENSRC      48.28%
SORBS-DUHL      43.38%
NOABUSE         32.89%
NOPOSTMASTER    32.21%
AHBL            26.21%
FREEMAIL        25.08%
NJABLPROXIES    24.30%
REVDNS          22.71%
BADHEADERS      21.57%
HELO            21.44%
SPAMHAUS        18.81%
ROUTING         16.10%
SORBS-SOCKS     15.81%
SORBS-HTTP      14.97%
IPWHOIS         13.25%
DSN             11.66%
NJABLSOURCES     9.80%
SPAMHEADERS      9.46%
SORBS-SPAM       9.17%
RSL              7.39%
BLITZEDALL       7.33%
NJABLDUL         6.49%
COMMENTS         6.04%
BASE64           4.43%
LNGSDUL          4.05%
FIVETENIGNORE    3.73%
FABELSOURCES     3.70%
MAILFROM         2.43%
SPAMBAG          1.86%
BADWHOIS         1.73%
SORBS-MISC       1.19%
SPFFAIL          1.10%
NJABL            1.07%
INTERSIL         0.93%
SORBS-SMTP       0.88%
ORDB             0.78%
JIPPG-DUL        0.67%
SORBS-WEB        0.51%
FIVETENOPTIN     0.49%
DNSRBL-DUN       0.46%
NONENGLISH       0.45%
SORBS-ZOMBIE     0.28%
LNGSBLOCK        0.24%
DNSRBL-SPAM      0.21%
KITHRUP          0.17%
DSBLMULTI        0.13%
PIGS             0.09%
KUNDENSERVER     0.07%
FIVETENOTHER     0.07%
DNSMAILLIST      0.06%
FIVETENMULTI     0.01%
FIVETENWEBFORM   0.01%
JIPPG-DULJP      0.01%
DEVNULL          0.01%
NJABLFORMMAIL    0.01%
The WEIGHT10 and WEIGHT20 tests are part of a weighting system that assigns a weight to each E-mail based on the spam tests it fails, so they don't really count as spam tests by themselves (but they show that you can catch well over 95% of spam with extremely few false positives, and without relying on a single spam test). It is also important to note that some tests are more likely than others to produce false positives, which is what makes the weighting system so useful (E-mail will only be marked as spam if it fails a combination of tests). The NOLEGITCONTENT and IPNOTINMX tests were designed to help identify legitimate E-mail (rather than spam), which accounts for their high percentages.
What is really interesting again this month is the new CMDSPACE test, which is designed to detect spamware that doesn't follow the RFCs exactly. Over 75% of all spam can be caught with this one test (with a real false positive ratio of 0.00049 in our testing). Also, over 20% of the spam this month could safely be caught by the BADHEADERS test (since no RFC-compliant mail client will send out E-mail that fails the BADHEADERS test). That's a lot of spam that can be caught safely.
More information on most of the spam tests shown above can be found at http://www.declude.com/junkmail/support/ip4r.htm . You can look up an IP address using the Spam Database Lookup tool at http://www.DNSstuff.com to see what spam databases it is listed in. The most recent 20 spams in our spamtraps, and the tests they failed, can be found at http://www.declude.com/spamtrap.htm .
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers.
Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection.
Find out what you have been missing: Ask for a free 30-day evaluation.
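
The weighting idea described in the message, as an added example that is not part of the original post and not Declude's code. The per-test weights, the thresholds of 10 and 20 for WEIGHT10 and WEIGHT20, and the rule that passing a legitimate-mail test subtracts weight are all assumptions chosen for illustration.

```python
from typing import Iterable, Set

# Constructed weights (not Declude's): test -> (added when failed, added when passed).
WEIGHTS = {
    "SPAMCOP": (7, 0),
    "CMDSPACE": (8, 0),
    "BADHEADERS": (8, 0),
    "SORBS-DUHL": (5, 0),
    "REVDNS": (3, 0),
    "NOABUSE": (2, 0),
    "FREEMAIL": (1, 0),
    # Tests meant to identify legitimate mail: failing adds nothing,
    # passing (the message looks legitimate) pulls the total down.
    "NOLEGITCONTENT": (0, -5),
    "IPNOTINMX": (0, -3),
}

# Assumed meaning of the derived tests: fire once the total reaches the limit.
THRESHOLDS = {"WEIGHT10": 10, "WEIGHT20": 20}


def score(failed: Iterable[str]) -> int:
    """Total weight of one message, given the names of the tests it failed."""
    failed_set = set(failed)
    unknown = failed_set - WEIGHTS.keys()
    if unknown:
        raise ValueError(f"no weight configured for: {sorted(unknown)}")
    return sum(
        on_fail if name in failed_set else on_pass
        for name, (on_fail, on_pass) in WEIGHTS.items()
    )


def weight_tests(failed: Iterable[str]) -> Set[str]:
    """Names of the derived WEIGHTnn tests that this message trips."""
    total = score(failed)
    return {name for name, limit in THRESHOLDS.items() if total >= limit}


if __name__ == "__main__":
    # Constructed sample messages: sets of failed test names.
    samples = {
        "legit, freemail sender without reverse DNS": {"FREEMAIL", "REVDNS"},
        "one blacklist hit only": {"SPAMCOP", "NOLEGITCONTENT", "IPNOTINMX"},
        "spamware plus blacklist": {"SPAMCOP", "CMDSPACE", "NOLEGITCONTENT", "IPNOTINMX"},
    }
    for label, failed in samples.items():
        print(f"{label}: weight={score(failed)} trips={sorted(weight_tests(failed))}")
```
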
