North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Port 25 - Blacklash

  • From: Valdis.Kletnieks
  • Date: Tue Apr 26 16:35:14 2005

On Tue, 26 Apr 2005 21:49:24 +0300, Hank Nussbacher said:
> 
> On Tue, 26 Apr 2005, Adam Jacob Muller wrote:
> 
> Doesn't seem to be stemming the tide of emails from Comcast though:
> <http://www.senderbase.org/?searchBy=organization&searchString=Comcast%20Cable>

I'm not arguing about Comcast still spewing - they obviously still have issues
in that arena... *However*...

I'd take those numbers with at least a grain of salt, given that they're
showing my laptop as having an average "magnitude" of 4.6 (3.1 for today), and
our Listserv server an average magnitude of 4.8 (4.6 for today), saying that
long-run my laptop is generating almost as much mail as our Listserv box.
And that's not including the e-mail I post while my laptop is at other addresses.

I'll overlook the fact that my laptop has sent a whole whopping 16 pieces of
mail since midnight, and our Listserv has sent at *least* 40,000.  Why the
discrepancy?  Because when I post to a list like NANOG or a SecurityFocus list
or Linux-Kernel, it gets counted multiple times, once for each recipient
sampled by SenderBase....

And for extra fun, it appears that it counts *every* machine in the Received:
headers, as trapdoor.merit.edu scores a 5.3, segue.merit.edu a 4.3, and
testbed9.merit.edu a 4.0. Meanwhile, mail.merit.edu gets a 0.0, because it's not
showing up in the Received: lines for NANOG postings, most likely...

The fact that I can from a laptop with a little posting to a few large lists
rank higher than all but 53 of AOL's 2,553 listed sources should indicate that
perhaps those numbers aren't quite as useful as they appear.

Comcast.net has 31,923 addresses listed at the moment.

Do they have 30,000 zombies, or 30,000 customers that post to popular mailing
lists?  Quite possibly at least partly the latter, as 24.22.118.199 ranks a 3.0
and isn't (as far as I know) a spam zombie, but a frequent poster to the
linux-kernel list. Meanwhile, of those 31,923, only 1,969 have a monthly
magnitude of 4.7 or more, the 4.8 cutoff is at 1,567, and the last 4.9 is at
1,012. And that 4.9 is (roughly) twice as much as I generate...

OK.. Think about that - of the 30,000+ listed, only 1,000 or so have measured
e-mail volumes significantly higher than one guy who posts a lot.  Obviously,
either my laptop is infested with a spam-spewing AI zombie (which *has* been
alledged before), or the SenderBase numbers don't tell the whole story....

Another indication: from the message I'm replying to:

Received: from efes.iucc.ac.il (efes.iucc.ac.il [128.139.202.17])
 	by testbed9.merit.edu (Postfix) with ESMTP id 41125186B	for <[email protected]>;
From: Hank Nussbacher <[email protected]>

http://www.senderbase.org/search?searchString=128.139.202.17

Hmm.. the IP ranks a 2.5 for the last 30 days, but:

"No address list shown since no email was detected from iucc.ac.il."

http://www.senderbase.org/search?searchString=mail.iucc.ac.il

gets a "last 30 days" of 0.0.

Ooooh Kaaaay.. maybe we need more than just a pinch of salt here... ;)

Attachment: pgp00018.pgp
Description: PGP signature