I reserve the right to publish any communication between spammers and me in whole or in part.
Pie charts and tables of rejected mail.
The same, but focused on RCPT Tos which are message-ids.
These hosts and domains are blacklisted by this system.
These files contain the headers of all spam send to this system over the
last couple of decades (the complete spam archive is available to
legitimate spam investigators).
Please keep in mind that some of the information, including the sender
address, may be forged. If you find that someone has been using your name
or email address without your consent, it might be a nice idea to have
them prosecuted.
To avoid harvesting, email addresses have been modified;
'Some.User@Some.Domain' has been changed into 'Some.User%40Some%2EDomain'.
Message-Ids are unaltered.
Year | Spams | Sp/Mn |
1998 | 257 | 21.4 |
1999 | 159 | 13.3 |
2000 | 83 | 6.9 |
2001 | 91 | 7.6 |
2002 | 76 | 6.3 |
2003 | 31 | 2.6 |
2004 | 47 | 3.9 |
2005 | 10 | 0.8 |
2006 | 21 | 1.8 |
2007 | 7 | 0.6 |
2008 | 6 | 0.5 |
2009 | 5 | 0.5 |
2010 | 15 | 1.2 |
2011 | 7 | 0.6 |
2012 | 21 | 1.8 |
2013 | 29 | 2.4 |
2014 | 25 | 2.1 |
2015 | 21 | 1.9 |
2016 | 21 | 1.9 |
2017 | 4 | 0.3 |
2018 | 11 | 0.9 |
2019 | 14 | 1.2 |
2020 | 17 | 1.4 |
Test mails from spammers looking for vulnerable web forms.
Yet an other persistent harasser (Dutch).
Phishes from creeps how claim to be my ISP. This bothered me for years, but I only recently started tracking this.
More recently: a little Exim filter to block this crap;
xs4all.nl is my ISP. So their hosts are *.xs4all.nl.
Mail sent by XS4ALL to me, will be send to My_Address@xs4all.nl. All other mail
send by the XS4ALL mailservers should be send to My_Address@My_Domain.
If mail send to My_Address@xs4all.nl does not originate from an @xs4all.nl email
address or not from XS4ALL host, it's a phish.
I use a '.forward' to forward the mail to xs4all@My_Domain. At home,
/etc/aliases delivers the mail to My_Address@My_Domain.
By testing the Envelope-to, I can distinguish between forwarded and non forwarded
mail.
# Check forward at XS4ALL deny message = This looks like a phish to me. hosts = *.xs4all.nl : *.xs4all.net recipients = xs4all@My_Domain senders = ! : ! *@xs4all.nl
This checks the envelope-from. This should either be '<>' or an XS4ALL email address.
# Check forward at XS4ALL deny message = This looks like a phish to me. hosts = *.xs4all.nl : *.xs4all.net condition = ${if match\ {$recipients}\ {\Nxs4all@My_Domain\N}\ {yes}{no}} set acl_m7 = ${filter{<\n $rh_received:}{match{$item}\ {\N^from .*\[([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+|::1|[0-9A-Fa-f]{1,4}:.+)\]\N}}} condition = ${if forany\ {<\n $acl_m7}{!match{$item}\ {\N(127\.0\.0\.1|194\.109\.|::1|2001:888:.+)\N}}\ {yes}{no}}
All raw header received lines, starting with 'from ' AND containing an
IP address are put in 'acl_m7' ('<\n' means delimiter is newline).
'forany' tests all these remaining lines in acl_m7. If any of these lines does
not match an IP address used by my ISP (127.0.0.1, 194.109.*.*, ::1, 2001:888:*),
the mail gets rejected.
Spammers use worms and viruses to send spam and harass anti spam sites.
Below systems that are possibly infected;