My Spam analysis & filter updates for the week of July 3-10, 2011
It appears that my spam percentage has stabilized at about 27%, plus or minus a few points. The subjects are exactly the same as they have been for the last year. Spammers are still wasting their money spamvertising counterfeit Cialis and Viagra and pushing bogus male enhancement herbals, like the MaxGentleman aka Dr. Maxman and various illicit prescription pharmaceuticals without the required prescription. Knockoff Chinese watches, weight loss herbs, loansharks, and Nigerian advance fee fraud round out the field.
The majority of this week's pharmaceutical spam was for various incarnations of the fake "My Canadian Pharmacy," et al. The domains are all owned by Russians, using cheap domain Registrars in Russia, Czechoslovakia, and other parts of the former USSR, as well as some from a dis-accredited Registrar in Australia. Almost all of the current fake pharmacy domains use either Russian or Chinese Name Servers. At least half of the links in the spam messages for these pharmacies are to .RU (Russian) domain websites, many of which are now hosted by spam friendly hosting companies in Romania.
This past 7 days, spam for various types of garbage amounted to 27% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I report any spam messages that make it through my auto-delete filters to SpamCop.
Here are some statistics regarding the spam received and categorized, from July 3 - 10, 2011. These classifications are based upon my own custom MailWasher spam filters. Most of this spam is automatically deleted by MailWasher Pro and my custom filters. The statistics are obtained from the program's logs.
Statistics Overview
Percentage classified as spam: 27%; +1% from last week
Number of messages classified as spam: 124
Number classified by my custom spam filters: 116
Number and percentage of spam according to my custom blacklist: 6
Number classified as spam by the Bayesian Learning filter: 0
Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 1
Number of spam messages seen, reported to SpamCop & manually deleted: 7
The order of spam categories, according to the highest percentages, is as follows:
Male Enhancement scams: 25.20%
Fake Viagra and Cialis: 18.70%
Pharmaceuticals (unlawful to import into the USA): 13.01%
Weight Loss Scams (e.g. HCG): 12.20%
Counterfeit Watches: 12.20%
My Custom Blacklist: 4.88%
Known Spam Domains: 4.07%
Other Filters (with small individual percentages): 3.25%
African Sender Scams: 1.63%
Loan Scams: 1.63%
Non-English Language Spam (French and Spanish): 1.63%
HTML Tricks (to position letters into spam words): 0.81%
.DNS Blacklisted Servers (e.g. SpamCop, Spamhaus): 0.81%
This week I made 1 updates and/or additions to my custom filters:
New filter: .doc attachment (was used in some recent Nigerian 419 Scams)
I made 1 addition to my custom Blacklist this week:
+@163.com
There were no false positives last week. All filters behaved as intended. Note, that I now publish three types of spam filters for MailWasher Pro. One type is for the latest 2011 series, in xml format, and two are for the previous series 6.x. One of those filters is set for manual deletions and the other for automatic deletions. You can read all about MailWasher Pro and the filters I write for it, on my MailWasher Pro Custom Filters page.
One side note and word of caution:
If you are a member of Facebook and you have set your Notification options to send you emails for everybody who comments after you, on your or somebody else's Wall, or Feed, you probably get a lot of these email notifications. Before you click on the link to "see Comment" or "See Comment Thread," hold your mouse pointer of those (button) links and read the destination URL in the Status Bar. Make sure that the link begins with http://www.facebook.com/... before you click on it. If that part of the domain name is anything else, it is probably a phishing scam.
If you don't know what the Status Bar is, read my article from July 9, 2011, titled How to display and use the statusbar in your email client.
If you are having trouble caused by excess volumes of spam email, and are not using an effective filter, why not try out MailWasher Pro? It sure works for me!
Trend Micro Internet Security products, for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.
This weblog is licensed under a Creative Commons License.The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
