Currently my family gets somewhere between 6000-9000 spam emails per week, most of it addressed to three of my email addresses and two of my kids’ emails. Since I manage my own email (through the webhost for another personal website), I’ve put together filters to replace the built-in spam blocking system (which either lets too much spam through, or catches too much legitimate email). I save incoming spam to help me improve my filters, and currently have around 230,000 spam emails saved off.
Recently, while working on the IP filters, I got curious as to which IP addresses and ISPs were responsible for most of this spam. Some results:
All IPs with 100+ spam emails
126.96.36.199 (311 spam emails, Leaseweb USA)
188.8.131.52 (250 spam emails, Leaseweb USA)
184.108.40.206 (200 spam emails, Leaseweb USA)
220.127.116.11 (186 spam emails, Leaseweb USA)
18.104.22.168 (180 spam emails, Leaseweb USA)
22.214.171.124 (173 spam emails, Leaseweb USA)
126.96.36.199 (166 spam emails, Leaseweb USA)
188.8.131.52 (159 spam emails, Leaseweb USA)
184.108.40.206 (125 spam emails, Leaseweb USA)
220.127.116.11 (119 spam emails, Leaseweb USA)
18.104.22.168 (112 spam emails, Russia - Digital Network JSC)
22.214.171.124 (108 spam emails, Leaseweb USA)
126.96.36.199 (104 spam emails, Leaseweb USA)
188.8.131.52 (101 spam emails, Leaseweb USA)
184.108.40.206 (100 spam emails, Leaseweb USA)
IP/24 ranges (256 IP addresses) with the most spam (Top Ten = all over 900)
220.127.116.11/24 (3077 spam emails, Lanset America Corporation)
18.104.22.168/24 (2652 spam emails, Lanset America Corporation)
22.214.171.124/24 (1218 spam emails, Essential Services)
126.96.36.199/24 (1218 spam emails, Leaseweb USA)
188.8.131.52/24 (1137 spam emails, Krypt Technologies)
184.108.40.206/24 (1058 spam emails, Lanset America Corporation)
220.127.116.11/24 (1043 spam emails, Krypt Technologies)
18.104.22.168/24 (993 spam emails, Krypt Technologies)
22.214.171.124/24 (991 spam emails, Global Frag Networks)
126.96.36.199/24 (983 spam emails, Eonix Corporation)
ISPs with the most total spam (Top 25)
Lanset America Corporation 8484
ColoCrossing/Colostore 7214
Krypt Technologies 7199
Global Frag Networks 6226
Essential Services 5965
Sagitta Residential (Denmark) 4215
Core Technology Services 4128
Eonix Corporation 3658
Limestone Networks 3653 (+19 legit)
QuadraNet 3504 (+12 legit)
Access Integrated Technologies 3402
CubeMotion LLC 3301
Leaseweb 3258
RIPE Network Coordination Center 3032
Isp4p (Germany) 3032
GHOSTnet GmbH 2558
Heymman Servers 2425
Hostwinds LLC 2172
Enzu Inc 2021
IP Interactive (Germany) 2006
Psychz Networks 1872
myLoc (Germany) 1800
AnDilo (Sweden) 1731
PSINet 1709 (+233 legit)
NFOrce Entertainment BV (Netherlands) 1692
A few notes and caveats are in order. First, I haven’t identified the source of all the spam – there are a lot of IPs where I haven’t checked what ISPs they belong to, though those tend to all be low-spam IPs in low-spam IP blocks. Second, some spam senders appear to forge one or two “Received:” headers, and I’m not entirely sure I’m fully correcting for that. Third, the sources I use don’t always agree on which ISP owns certain IP blocks. In general, though, I think the figures above should be fairly close.
Also, I haven’t checked the “big boys” like Comcast, Time Warner, etc. I get a lot of spam from their ISPs, but even more legitimate email, so even if one of them would have made the list, it doesn’t seem right to put them up with the primarily-spam ISPs.
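One way to handle the forged "Received:" headers mentioned above when tallying spam by IP and /24, as an added example that is not the author's own filter code: trust only headers stamped by your own mail server, and stop at the first header written by anyone else. The hostname mx.example.net, the internal relay ranges and the sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

# Assumptions (hypothetical values): your own MX hostnames and internal relay ranges.
TRUSTED_BY = {"mx.example.net"}
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("127.0.0.0/8")]
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.I)
PEER_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # peer IP as logged by the MTA


def handoff_ip(raw_message):
    """Return the external IPv4 address that handed the message to a trusted host."""
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):  # newest hop first
        by = BY_RE.search(header)
        if not by or by.group(1).lower() not in TRUSTED_BY:
            return None  # everything from here down is sender-supplied
        peer = PEER_RE.search(header[:by.start()])
        if not peer:
            continue
        try:
            ip = ipaddress.ip_address(peer.group(1))
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        if not any(ip in net for net in INTERNAL_NETS):
            return ip  # first non-internal peer seen by our own server
    return None


def tally(raw_messages):
    """Count messages per sending IP and per /24 block."""
    per_ip, per_24 = Counter(), Counter()
    for raw in raw_messages:
        ip = handoff_ip(raw)
        if ip is not None:
            per_ip[str(ip)] += 1
            per_24[str(ipaddress.ip_network(f"{ip}/24", strict=False))] += 1
    return per_ip, per_24


# Constructed sample: the lowest Received header is forged by the sender.
SAMPLE = (
    "Received: from mx.example.net (localhost [127.0.0.1]) by mx.example.net; Mon, 1 Jan 2024 00:00:02 +0000\n"
    "Received: from bulk.invalid (unknown [192.0.2.45]) by mx.example.net; Mon, 1 Jan 2024 00:00:01 +0000\n"
    "Received: from mail.bigisp.invalid ([198.51.100.9]) by relay.bigisp.invalid; Mon, 1 Jan 2024 00:00:00 +0000\n"
    "Subject: constructed test message\n\nbody\n"
)
```

For the sample, `handoff_ip(SAMPLE)` returns 192.0.2.45, the address the trusted server actually saw, and never reads the forged 198.51.100.9 hop below it.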