My Spam analysis & filter updates for the week of Mar 21 - 27, 2011
Following last week's big decline in spam, due to the sudden takedown of the Rustock botnet, other botnet operators have taken up the slack, bring spam levels back up to 38% of my incoming email. This week the majority of spam was for counterfeit name brand watches, followed by pharmaceuticals, male enhancement and fake Viagra.
This past 7 days, spam for various types of garbage amounted to 38% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I report any spam messages that make it through my auto-delete filters to SpamCop.
Here are some statistics regarding the spam received and categorized, from Mar 21 - 27, 2011. These classifications are based upon my own custom MailWasher spam filters. Most of this spam is automatically deleted by MailWasher Pro and my custom filters. The statistics are obtained from the program's logs.
Statistics Overview
Percentage classified as spam: 38%; up 10% from last week
Number of messages classified as spam: 214
Number classified by my custom spam filters: 175
Number and percentage of spam according to my custom blacklist: 10
Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 1
Number of spam messages seen, reported to SpamCop & manually deleted: 10
The order of spam categories, according to the highest percentages, is as follows:
Counterfeit Watches: 33.33%
Pharmaceuticals and illegal prescription drugs: 22.58%
Male Enhancement scams: 13.44%
Fake Viagra and Cialis: 11.83%
Blacklisted sender names and domains (my blacklist): 5.38%
Other Filters (with small percentages): 4.30%
African Sender: 2.15%
.BR, .CN, or .RU domain links: 1.61%
Subject contains e-mail address: 1.61%
Work At Home Scams: 1.08%
419 scams: 1.08%
Loans/Bankruptcy scams: 1.08%
DNS Blacklist Servers: 0.54%
This week I made 6 updates and/or additions to my custom filters:
Known Spam Domains
Watches Spam
Work At Home Scam
New filter: Courier Scam #7
New filter: .BR, .CN, .RU Domain Link
Re-enabled Weight Loss filter.
There was one false positive last week, resulting in my creating a new filter to detect .RU domains in the message body. All other filters behaved as intended. Note, that I now publish three types of spam filters for MailWasher Pro. One type is for the latest 2011 series, in xml format, and two are for the previous series 6.x. One of those filters is set for manual deletions and the other for automatic deletions. You can read all about MailWasher Pro and the filters I write for it, on my MailWasher Pro Custom Filters page.
Trend Micro Internet Security products, for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.
This weblog is licensed under a Creative Commons License.The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
