Monday, August 1, 2011

Chart: Spam Sending IP Addresses over Time

Passive Spam Block List or PSBL is a real-time trap-based DNSBL operated by Red Hat kernel engineer Rik van Riel.  It uses the Open Source Spamikaze in order to build and deploy an IP-based blacklist of spam sending offenders.  PSBL is one of the safest DNSBL's, and has been default in Spamassassin as of version 3.3.0 released in early 2010.

PSBL receives millions of spam every day, and after taking some safety precautions, it lists the sending IP addresses.  Then various organizations can download that list via rsync or query its public servers via DNS.  Accidental listings can be removed at any time through the self-serve interface at PSBL.org.  Otherwise, if an IP address does not send spam to PSBL within 2 weeks, then it is expired and no longer blacklisted.



Here we see there has been a substantial reduction of spam since recent peaks in February and March 2011.  Other articles have commented recently on this recent reduction in spam, suggesting that spam filters and legal actions have been largely effective.  It remains to be seen if this reduction is permanent, or if this is just a temporary lull. 

Subscribe to the Spamassassin for Sysadmins Newsletter for occasional news important to your Spamassassin deployments.  Also see our Ultimate Setup Guide for the latest tweaks to maximize your spam filtering effectiveness and safety.

3 comments:

  1. I think this largely reflects spammers' newfound interest in reputation hijacking; why send mail from a botnet that can be isolated and nailed by a blocklist when you could use a well-groomed ~freemail relay and get lost in the noise? You can't block gmail...

    ReplyDelete
  2. Newfound? They've been doing that for a decade.

    ReplyDelete
  3. It turns out the drop in spam sending IP addresses has been seen almost universally. Part of it seems to be due to a few very large botnets getting shut down.

    ReplyDelete