A lot of our users have been asking us about the current spam problem, so I sent the following to our computing support staff mailing list and the ucam.comp.mail newsgroup. I thought it would be worth posting here too.
The volume of spam we are seeing has more than doubled since the summer, from about 15 messages blocked per second to over 35, and the amount of spam that gets past the blocks has increased accordingly. This is really unprecedented: in the preceding two years, the volume of blocked spam increased gradually from about 10 to about 15 per second. For comparison, we're handling about 7 messages per second, which includes internal email (3 per second) as well as non-blocked spam and legitimate email from outside the University.
That is, at least 90% of the 3.5 million messages offered to us each day from outside the University are spam.
It is a coincidence that this increase kicked off at about the start of term: this is a global problem that has been widely noted in the IT press. Unfortunately the current flavours of spam are difficult for our second-level filters (SpamAssassin) to handle because they don't have many recognizable features, such as URLs for criminal web sites, etc. We are updating SpamAssassin when new releases come out, which is roughly monthly at the moment.
spamassassin should get 'em
Date: 2006-11-17 10:31 (UTC)
hi! SA developer here. ;)
Well, most of those spams have the same poorly-disguised forgery signs in the headers, and we've been writing rules to catch them. (More rule developers are always welcome though.) RCVD_FORGED_WROTE, for example, nails most of one set, I think the SpamThru spammer's output. It's in sa-update.
Running "sa-update" is a very good idea nowadays -- it's easy, and the results are definitely worth it.
Of course, that doesn't solve the other side of the problem with this spam quantity increase -- the CPU load required to process that much mail goes up, too. We have a new subsystem to provide rule short-circuiting in 3.2.0, though, so that may help in future...
BTW, as far as I can tell, this massive upsurge is due to 1 or 2 spammers/spammer organisations. It's amazing how much havoc so few people can cause :(
Re: spamassassin should get 'em
Date: 2006-11-17 12:17 (UTC)
For performance I'm fortunately reasonably well-endowed with hardware (as it were) so given the 90% catch rate from the Spamhaus and RBL+ black lists, we're not doing too badly.
I understand the law is after them, but the wheels of justice grind slow.