Status Index | News | Internet | HiWAAY | Services | Email/Spam | Traffic | Dialup | Links

Email & Spam Traffic
These graphs are generated "on the fly", so please be patient while they are generated.
Click on a graph for more information.

Email message traffic for HiWAAY.net
This is the total number of email messages sent and received at HiWAAY.net, after anti-spam and anti-virus filtering.


HiWAAY's Anti-Spam Policy
Unsolicited bulk email messages (aka 'spam') have become a serious problem on the Internet. Visit HiWAAY's Anti-Spam Policies page for details about our efforts to combat spam. The statistics below document HiWAAY's success at filtering out spam from our subscribers mailboxes.

Total spam filtered
This is the total number of messages that were filtered as spam.
The graph is "capped" at 2800 messages/minute so that short-term peaks don't "drown out" the regular data.


Spam filtered by method
This is the number of messages filtered, broken down by the method used to filter them. See below for a description of each method.
The graph is "capped" at 1700 messages/minute so that short-term peaks don't "drown out" the regular data.


To see a graph of individual filtering statistics, select a method below. The methods are listed in the order they are applied, except that some of the DNS checks are done in different places, before and after the other checks.

• PBL Filtering Statistics - The Spamhaus Policy Block List (web site) is a database of IP addresses that should not be sending email directly to remote mail servers. This policy is set by participating ISPs. Such IPs are typically dynamic assigned IPs, used by end-users that should be submitting email via their ISP's mail server.
• SBL Filtering Statistics - The Spamhaus Block List (web site) is a realtime database of IP addresses of verified spam sources (including spammers, spam gangs and spam support services).
• CBL Filtering Statistics - The Composite Blocking List (web site) is a list of IPs that are exhibiting characteristics which are specific to open proxies of various sorts (HTTP, socks, AnalogX, wingate etc) which have been abused to send spam, worms/viruses that do their own direct mail transmission, or some types of trojan-horse or "stealth" spamware.
• NJABL Filtering Statistics - The Not Just Another Bogus List (web site) is a list of known and potential spam sources (open relays, open proxies, open form to mail HTTP gateways, dynamic IP pools, and direct spammers).
• DNS Filtering Statistics - Sendmail uses DNS to check that mail servers sending messages have proper domain name system entries and that the domain name of message senders actually exists.
• Brightmail Filtering Statistics - Brightmail is a system that filters spam based on continuously updated rules. Symantec operates a 24x7 "spam center" that watches for spam and sends out rules to Brightmail mailwall servers to detect and sideline (instead of refusing, allowing the recipient to review the message if they choose) possible spam. It can make decisions based on the mail server sending the message, the sender of the message, or the content of the message.
• Phishing Filtering Statistics - Clam AntiVirus includes detection of common "phishing" targets. Phishing messages appear to be from a domain like a bank; the messages try to get you to enter login or other personal information on a web form to be used for identity theft.

Note: the DNS-based blocklists (SBL, CBL, NJABL) are applied to Received: headers in messages, in addition to the normal lookups of the sending server IP.

Virus filtering
This is the number of virus messages filtered.
The graph is "capped" at 10 messages/minute so that short-term peaks don't "drown out" the regular data.

Clam AntiVirus is an anti-virus toolkit for Unix. It recognizes a large variety of attachment formats and has rapidly-updated virus signatures for fast recognition of new viruses.


Connections blocked by method
This is the number of SMTP connections to HiWAAY servers blocked, broken down by the reason they were blocked. See below for a description of each method.
The graph is "capped" at 450 connections/minute so that short-term peaks don't "drown out" the regular data.


To see a graph of individual blocked statistics, select a method below.

• Connections per second - Spam servers (especially spam proxy servers) tend to open many connections in a short amount of time, driving up the server load significantly. This detects when a server is openening connections too fast and drops new connections from that server.
• Total connections - Spam servers (especially spam proxy servers) also tend to open many simultaneous connections (and keep them open), driving up the server load significantly. This detects when a server has too many open connections and drops new connections from that server.
• Pre-greeting traffic - Proxy severs (and some spam servers) do not follow the SMTP specification, and try to "blast" traffic across a connection without listening for responses. This detects traffic before the initial SMTP greeting banner message and drops such connections.
• Probable open proxy - Spammers sometimes use HTTP proxies that are not properly secured to relay their spam (and hide the true source). Such proxies typically send non-SMTP traffic over an SMTP connection (which is normally ignored). This detects such traffic and drops the connection.

Data collected and graphed with

Cricket Version 1.0.6

Script used to collect data available here.