Date: Sun, 9 May 2004 00:44:40 -0400 (EDT)
From: "Keith F. Lynch" <kfl at KeithLynch.net>
To: WSFA members <WSFAlist at WSFA.org>
Subject: [WSFA] Re: Spam Spike?
Reply-To: WSFA members <WSFAlist at WSFA.org>

"Barry L. Newton" <bnewton at ashcomp.com> wrote:

> In the last couple of days, my spam input has spiked dramatically.
> Anybody else notice the same effect?

Not me.  For the past several years, I've experienced an increase
of between 5% and 10% per month.  Over the past decade, this has
gradually increased my spam volume from less than one a day to the
present utterly insane volume of close to one per *second*.  But
I've seen nothing special or unusual in the past few days.

Here are the totals for yesterday (Saturday).

Total:  66,004 messages, of which 18 got through, 5 of which were
spams, and 8 of which were not.  I assume the remaining 65,986
messages which did not get through were all spams, viruses, worms,
or bounces of forged messages.  Here's the breakdown.

There's actually little point in this filtering (other than sheer
curiosity, and the fact that it would be more work to take it down
than to leave it up) since I accept everything from anyone in my
whitelist, or sent to my current disposable address, or that includes
certain whitelisted words and phrases on the subject line or
organization line, and reject absolutely everything else.  The
"notwhitelist" category shows messages that would have been accepted
if not for my whitelisting.  Everything else would have been rejected
under my old system.

Many of these messages would have been rejected for multiple reasons,
and which one it's listed under is whichever happened to be first in
my procmailrc file.

35462 html         -- message contains HTML code
 9336 korea        -- from South Korea
 5257 china        -- from mainland China
 4228 base64       -- contains a base64 attachment
 3078 notwhitelist -- no reason for rejection, except not in whitelist
 2284 bounce       -- bogus bounce message due to someone forging my address
  998 shared       -- Panix's shared filters
  917 nigeria      -- from Nigeria, or mentions Nigeria
  795 taiwan       -- from Taiwan
  686 argentina    -- from Argentina
  304 viagra       -- mentions that drug
  226 xanax        -- mentions that drug
  216 vicodin      -- mentions that drug
  175 toberemoved  -- message contains phrase "to be removed"
  154 xmsmailpriorityhigh  -- claims to be high priority
  153 otcbb        -- message mentions the Over The Counter Bulletin Board
  121 zimbabwe     -- from Zimbabwe or mentions Zimbabwe
  110 deskofthepromotionsmanager -- contains that phrase
   94 urgentandveryconfidential  -- contains that phrase
   81 iso2022jp    -- in a Japanese character set
   65 youcanearn   -- contains that phrase
   62 onetimemail  -- contains that phrase
   55 hydrocodone  -- mentions that drug
   54 sierraleone  -- mentions, or is from, that country
   51 s1618        -- mentions the imaginary S.1618 pro-spam law
   44 strictlyconfidential -- contains that phrase
   40 indiatimes.com -- mentions that website
   35 removeyourself -- contains that phrase
   34 80.179         -- from that IP block
   31 yoursuccessguidelines -- contains that phrase
   30 zaire          -- mentions, or is from, that country
   30 savimbi        -- mentions that person
   29 toobig   -- is too large (this is the only rule that trumps my whitelist)
   27 robertmugabe   -- mentions that person
   26 v1agra         -- mentions that drug, deliberately misspelled
   26 urgentandconfidential -- contains that phrase
   24 optin          -- contains that phrase
   21 congo          -- mentions, or is from, that country
   17 surprisetoyou  -- contains that phrase
   16 thankstothecomputerageandtheinternet -- contains that phrase
   15 vanbutsel      -- mentions that person
   14 vlagra         -- mentions that drug, deliberately misspelled
   14 urgentbusiness -- contains that phrase
   14 parishilton    -- mentions that person
   14 contenttransferencodingbase64 -- encoded in base64
   14 bankofafrica   -- mentions that bank
   13 removeyouremail -- contains that phrase
   12 solicityourstrictestconfidence -- contains that phrase
   10 internetmarketing -- contains that phrase
   10 optoutinstructions -- contains that phrase

There are about a hundred more rules, most of which only blocked one
or two messages yesterday.  And another hundred after that which
didn't happen to block any.

I'm surprised it hasn't been increasing faster lately, since over the
past few months I've been leaving a trail of discarded disposable
email addresses behind me.  Spammers can be expected to "collect the
whole set" and repeatedly pound away on each and every of them every
hour until the end of time.

I'd be surprised if email still exists in anything like its current
form in another two years.  Maybe we'll have to go back to the "golden
age" of communicating only by letters and fanzines.
--
Keith F. Lynch - http://keithlynch.net/
Please see http://keithlynch.net/email.html before emailing me.