Thursday, May 24, 2012

Update: Spam sending IP addresses over time

Update: Data through May 23rd, 2012.
Passive Spam Block List (PSBL) is a real-time, trap-based DNSBL operated by Red Hat kernel engineer Rik van Riel. It uses the open source Spamikaze software to build and deploy an IP-based blacklist of spam-sending hosts. RCVD_IN_PSBL has been enabled by default in SpamAssassin since version 3.3.0, released in early 2010. PSBL receives millions of spam messages every day and, after taking some safety precautions, lists the sending IP addresses. Organizations can then download the list via rsync or query PSBL's public servers via DNS. Accidental listings can be removed at any time through the self-serve interface at  Otherwise, if an IP address does not send spam to PSBL within 2 weeks, then it is expired and no longer blacklisted.
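The DNS query and the two-week expiry described above, sketched as an added example (this is not code from PSBL or Spamikaze). The zone name `psbl.surriel.com`, the function names and the sample addresses are assumptions or constructed values that do not appear on this page; the IPv6 branch shows the general RFC 5782 DNSBL format and goes beyond what the text states about PSBL.

```python
import ipaddress
from datetime import datetime, timedelta

ZONE = "psbl.surriel.com"    # assumption: PSBL's public DNS zone (not named on this page)
EXPIRY = timedelta(days=14)  # "within 2 weeks", from the text above


def dnsbl_query_name(ip: str, zone: str = ZONE) -> str:
    """Build the name a mail server resolves to test `ip` against a DNSBL.

    RFC 5782 layout: IPv4 octets (or IPv6 nibbles) in reverse order,
    followed by the list's zone.
    """
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def is_listing_answer(a_record: str) -> bool:
    """Interpret the A record returned for a DNSBL query name.

    A listing is signalled by an address in 127.0.0.0/8 and NXDOMAIN means
    "not listed". Any other address (a parked zone, a resolver that rewrites
    NXDOMAIN) must not be treated as a listing, or all mail gets rejected.
    """
    return ipaddress.ip_address(a_record) in ipaddress.ip_network("127.0.0.0/8")


def active_listings(last_seen: dict, now: datetime) -> set:
    """Model the expiry rule: an IP stays listed only while its most recent
    spam-trap hit is less than EXPIRY old."""
    return {ip for ip, seen in last_seen.items() if now - seen < EXPIRY}


if __name__ == "__main__":
    # Constructed sample data using documentation-only address ranges.
    trap_hits = {
        "192.0.2.1": datetime(2012, 5, 20),     # hit the trap 3 days ago
        "198.51.100.7": datetime(2012, 5, 1),   # silent for 22 days
    }
    for ip in sorted(active_listings(trap_hits, datetime(2012, 5, 23))):
        print(ip, "->", dnsbl_query_name(ip))
```
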

Rik van Riel wrote:
A lot of the variation in PSBL zone size seems to be due to both random variations in spam volume, as well as law enforcement shutting down botnets. Whenever a big botnet has been shut down, spam activity tends to be noticeably less than before. I expect email spam is down simply because the spammers have also found alternative ways to spam, e.g. click hijacking and sharing of spam material through social media.
This is an update to a similar chart from last year.