Top spam sources

Currently my family gets somewhere between 6000-9000 spam emails per week, most of it addressed to three of my email addresses and two of my kids’ emails. Since I manage my own email (through the webhost for another personal website), I’ve put together filters to replace the built-in spam blocking system (which either lets too much spam through, or catches too much legitimate email). I save incoming spam to help me improve my filters, and currently have around 230,000 spam emails saved off.

Recently, while working on the IP filters, I got curious as to which IP addresses and ISPs were responsible for most of this spam. Some results:

All IPs with 100+ spam emails

207.244.95.117     (311 spam emails, Leaseweb USA)
207.244.96.200     (250 spam emails, Leaseweb USA)
207.244.105.134    (200 spam emails, Leaseweb USA)
207.244.96.187     (186 spam emails, Leaseweb USA)
198.7.57.8         (180 spam emails, Leaseweb USA)
207.244.96.199     (173 spam emails, Leaseweb USA)
207.244.96.185     (166 spam emails, Leaseweb USA)
207.244.96.186     (159 spam emails, Leaseweb USA)
207.244.97.39      (125 spam emails, Leaseweb USA)
207.244.96.188     (119 spam emails, Leaseweb USA)
95.163.127.248     (112 spam emails, Russia - Digital Network JSC)
207.244.96.189     (108 spam emails, Leaseweb USA)
207.244.97.161     (104 spam emails, Leaseweb USA)
207.244.105.202    (101 spam emails, Leaseweb USA)
198.7.57.70        (100 spam emails, Leaseweb USA)

IP/24 ranges (256 IP addresses) with the most spam (Top Ten = all over 900)

69.94.152.0/24    (3077 spam emails, Lanset America Corporation)
69.94.156.0/24    (2652 spam emails, Lanset America Corporation)
216.169.120.0/24  (1218 spam emails, Essential Services)
207.244.96.0/24   (1218 spam emails, Leaseweb USA)
184.83.21.0/24    (1137 spam emails, Krypt Technologies)
69.94.146.0/24    (1058 spam emails, Lanset America Corporation)
184.83.24.0/24    (1043 spam emails, Krypt Technologies)
67.229.237.0/24    (993 spam emails, Krypt Technologies)
157.52.216.0/24    (991 spam emails, Global Frag Networks)
173.232.117.0/24   (983 spam emails, Eonix Corporation)

ISPs with the most total spam (Top 25)

Lanset America Corporation                 8484
ColoCrossing/Colostore                     7214
Krypt Technologies                         7199
Global Frag Networks                       6226
Essential Services                         5965
Sagitta Residential (Denmark)              4215
Core Technology Services                   4128
Eonix Corporation                          3658
Limestone Networks                         3653    (+19 legit)
QuadraNet                                  3504    (+12 legit)
Access Integrated Technologies             3402
CubeMotion LLC                             3301
Leaseweb                                   3258
RIPE Network Coordination Center           3032
Isp4p (Germany)                            3032
GHOSTnet GmbH                              2558
Heymman Servers                            2425
Hostwinds LLC                              2172
Enzu Inc                                   2021
IP Interactive (Germany)                   2006
Psychz Networks                            1872
myLoc (Germany)                            1800
AnDilo (Sweden)                            1731
PSINet                                     1709   (+233 legit)
NFOrce Entertainment BV (Netherlands)      1692

A few notes and caveats are in order. First, I haven’t identified the source of all the spam – there are a lot of IPs where I haven’t checked what ISPs they belong to, though those tend to all be low-spam IPs in low-spam IP blocks. Second, some spam senders appear to forge one or two “Received:” headers, and I’m not entirely sure I’m fully correcting for that. Third, the sources I use don’t always agree on which ISP owns certain IP blocks. In general, though, I think the figures above should be fairly close.

Also, I haven’t checked the “big boys” like Comcast, Time Warner, etc. I get a lot of spam from their ISPs, but even more legitimate email, so even if one of them would have made the list, it doesn’t seem right to put them up with the primarily-spam ISPs.
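The forged "Received:" caveat and the /24 grouping above can be handled as in this added example (not the author's own filter code): it trusts only the Received lines written by the receiving server itself, then counts per IP and per /24. The hostname `mx.example.net`, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from ipaddress import ip_address, ip_network

MY_MX = "mx.example.net"   # assumption: name our own server writes after "by"
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def source_ip(raw, my_mx=MY_MX):
    """Connecting IP as recorded by our own server, or None.
    Received headers are prepended, so read top-down and stop at the first
    one our server did not write: everything below may be forged."""
    for hdr in message_from_string(raw).get_all("Received", []):
        hdr = " ".join(hdr.split())              # unfold continuation lines
        by = re.search(r"\bby\s+(\S+)", hdr)
        if not by or by.group(1).lower().rstrip(";") != my_mx:
            return None                          # left the trusted run
        m = IP_RE.search(hdr[:by.start()])       # IP in the "from" clause only
        if not m:
            continue
        try:
            ip = ip_address(m.group(1))
        except ValueError:                       # e.g. [999.1.1.1]
            continue
        if not ip.is_loopback:                   # skip local re-injection hops
            return ip
    return None

def tally(raw_messages):
    """Count messages per source IP and per enclosing /24."""
    per_ip, per_24 = Counter(), Counter()
    for raw in raw_messages:
        ip = source_ip(raw)
        if ip is not None:
            per_ip[str(ip)] += 1
            per_24[str(ip_network(f"{ip}/24", strict=False))] += 1
    return per_ip, per_24

def _msg(*hops):  # constructed sample: (from_ip, by_host), topmost header first
    head = "".join(f"Received: from h ([{ip}]) by {by} with ESMTP\n" for ip, by in hops)
    return head + "Subject: x\n\nbody\n"

SAMPLES = [  # constructed, using documentation address ranges
    _msg(("127.0.0.1", MY_MX), ("198.51.100.7", MY_MX), ("203.0.113.50", "relay.invalid")),
    _msg(("198.51.100.9", MY_MX), ("203.0.113.1", MY_MX)),  # lower line is forged
    _msg(("198.51.100.7", MY_MX)),
    _msg(("203.0.113.9", "other.invalid")),                 # never reached our server
]
```

Calling `tally(SAMPLES)` attributes the first three messages to the hop the receiving server actually saw and ignores the fourth, which carries no trusted header.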

 

 
