Home arrow Blog arrow Reports arrow SPAM Vacation
Border States Consulting, LLC |
Service Plans
News Feeds
Advanced Search
Other Menu
Remote Support
Trouble Ticket

Authorize.Net Certified Developer

Avast antivirus

SPAM Vacation PDF Print E-mail

One of the services I provide my clients is SPAM email filtering.  Typically if the client has an in-house email server I will set up a SpamAssassin box as the first line of defense to incoming emails.  Once the email has made it past the filter, then it's forwarded to the in-house server.  Recently I noticed a sudden unexplained drop in incoming emails to one of my SpamAssassin boxes.  It's like the spammers took a vacation for 5 days in April.  Here is a graph representing the incoming connections to this box.


Notice the quite obvious gap between April 16 to 20.  Now, the 19th and 20th were a weekend so we could dismiss those two if not for the previous 3 days.  Here are two other graphs breaking it down a little further for the same time period.



Right away I wanted to know what could have caused this, and most importantly, could I duplicate it!  As you can see the number of "normal" emails remained about the same, but those two to three thousand spam emails were obviously on holiday.

The first thing I thought of, was that late in the evening of the 15th I had moved this client's website from hosting company A to hosting company B and changed the DNS pointers.  So that was the first suspect in this mystery.  However, the website domain is a .org domain, and their email is a completely separate .com domain - so I really don't see any way this SPAM anomaly could be related to that.

Back to the drawing board, I decided to check another SpamAssassin box at a different client in the same state, but about 75 miles away.  Here is a graph from that box for April, and you'll notice it's almost a duplicate of the one above.


So, this confirms that it was not related to the client's domain, since we see the same gap in incoming SPAM at this client also.  The next suspect is that the number of tagged SPAM did increase slightly during that period, so is it possible that the spammers techniques are getting around the filter's ruleset for a few days?  No, notice that the increase in the number of tagged SPAM is only about 10% of the normal deleted emails, and you'll also notice that this drop is not only apparent in the number of deleted items, but also in the total number of SMTP connections - so another theory shot down.

Since this is not related to our filter's ruleset either, it must be something upstream - something out on the Internet - which caused this gap in SPAM.  Could be that whatever email system used by the spammers who target these clients was down for a few days, or could be the ISP was changing settings and blocked them for a few days, I may never know...

One thing I do know, is that SpamAssassin does a very good job of trimming the fat from the inbox, not to mention taking a load off the main email server.  I think any company that has an in-house email server could benefit from having such a filter in place.  As you can see from the graphs above, it is a valuable piece of equipment in the effort to fight SPAM.  Border States Consulting can help implement one of these at your company too, just give us a call.



Last Updated ( Jun 07, 2016 at 09:01 AM )

Final Fantasy XIII-2

Mambo is Free Software released under the GNU/GPL License. Hosted by <Border States Consulting, LLC>