My Spam analysis & filter updates for the week of July 24-31, 2011
This week, my incoming spam level dropped 1% from last week. Viagra and Cialis spam regained the top position, with Male Enhancement and various Pharmaceuticals filling positions 2 and 3. Diploma spam has almost doubled since last week and many spam templates are using URL shorteners to hide the destination.
For the last two weeks, Spammers have been using a new template that adds huge amounts of space-bar spaces between the spam words in the plain text source code. This is done to evade spam filters. This is followed by HTML content that is identical. However, when HTML is rendered, only one space is shown between words, making the actual spam message readable by a Humans. I have created and published new custom filters for MailWasher Pro users, which easily detect and block this type of spam, whether for diplomas or drugstores.
This past 7 days, spam for various types of unsolicited commercial email (UCE) amounted to 27% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I report any spam messages that make it through my auto-delete filters to SpamCop.
Here are some statistics regarding the spam received and categorized, from July 24-31, 2011. These classifications are based upon my own custom MailWasher spam filters. Most of this spam is automatically deleted by MailWasher Pro and my custom filters. The statistics are obtained from the program's logs.
Statistics Overview
Percentage classified as spam: 27%; -1% from last week
Number of messages classified as spam: 122
Number classified by my custom spam filters: 112
Number and percentage of spam according to my custom blacklist: 9
Number classified as spam by the Bayesian Learning filter: 0
Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 0
Number of spam messages seen, reported to SpamCop & manually deleted: 21
The actual percentages of spam by category follow below.
The order of spam categories, according to the highest percentages, is as follows:
Fake Viagra and Cialis: 24.79%
Male Enhancement scams: 20.66%
Pharmaceuticals (totally unlawful to import into the USA): 11.57%
Diploma Spam: 9.09%
Other Filters (with small individual percentages): 7.44%
My Custom Blacklist: 7.44%
Weight Loss Scams (e.g. HCG): 5.79%
Counterfeit Watches: 4.96% (double from last week!)
Known Spam Domains (mostly .RU): 2.48%
Non-English Language spam (apparently, Spanish and French): 2.48%
URL Shortener Spam Link (updated for any short url): 1.65%
Thunderbird User-Agent spam template: 1.65%
This week I made 7 updates and/or additions to my custom filters:
.BR, .CN, .RU .UA Domain Link,
Casino Spam,
Image Spam #11,
Pump and Dump Scam,
URL Shortener (Spam) Link.
New Filter: Drugstore with spaced words.
New Filter: Thunderbird Spam.
I made 0 additions to my custom Blacklist this week:
There were no false positives last week. All filters behaved as intended. Note, that I now publish three types of spam filters for MailWasher Pro. One type is for the latest 2011 series, in xml format, and two are for the previous series 6.x. One of those filters is set for manual deletions and the other for automatic deletions. You can read all about MailWasher Pro and the filters I write for it, on my MailWasher Pro Custom Filters page.
If you are having trouble caused by excess volumes of spam email, and are not using an effective filter, why not try out MailWasher Pro? It sure works for me!
Trend Micro Internet Security products, for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.
This weblog is licensed under a Creative Commons License.The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
