I signed up for knujon and began reporting in late December. In January it occurred to me that I should keep track of how many spams I receive each day. I thought I would share the data I have collected so far. It's not enough yet to draw a conclusion, but there does seem to be a downward trend.

Spam Chart.png
Description:
Filesize:	24.57 KB
Viewed:	82 Time(s)

Welcome to the CC Forum.

I have sent spam to KnujOn for about 1½ years, but it has never occurred to me to count my daily spam. But it's a good idea, and if I had, I would be able to prove my feeling that the spam levels on all my accounts are slowly getting down.

yea, I never really kept track either, but it has it's ups and downs. Sometimes it's 50 a day, sometimes 20...sometimes 100

Something interesting too....Storm peaks at 10.... - makes sense I guess...

Atleast we know some of the infected actually do shut their computer off

Oh yea, we heard that last month, when they lost a huge chunk of the storm due to nameservers finally going offline, right? heheeh

Thanks for the welcome. My goal in doing this was just as you said, to either confirm or not the feeling that spam was declining. Wouldn't you know the day after I posted this chart, the amount of spam I get in a day shot up and has been rising ever since. I will post an updated chart here about once a week.

Spam will go up and down.

Also, keep in mind, with the "opt out" feature enabled with KnujOn, Knujon will send out opt out requests on your behalf.

Though, I'm not extremely sure how they do these opt out requests..

But the way I look at it, they already got my address, so why not show them I care by revealing my address to them by unsubscribing (well, letting Knujon unsubscribe me...really).

Sure, they may see woo hoo, it's an active address?! So they spam me more; and the pile of evidence just keeps getting bigger and bigger Until they finally get "trapped" and get thrown in jail, fined, or ....killed (lol...joking, but everyone dies eventually, even spammers)?


On the other hand, taking down a spammers domain, doesn't "clean" the computer sending the spam. Which is why it's a multi-tiered effort. I'm sure it's a simple command on the "command and control" side, to switch botnetted hosts over to a new domain name. But eventually that domain will be shut down too.

A lot of that is true and I hate to sound negative. Money makes the world go around, not just for spammers but the few stupid registars that will not likely act against the spammers unless legally forced to do so by authorities. For some of these registars, the spammers probably represent 90% of their business, which means a good loss of profit and revenue for the registars if they give the spammers the boot, so in a way this is kind of symbiotic win win situation for both the registar and the spammers. This is only speculation on my part, and the only evidence that points to this is highly circumstantial. But take a look at the new spam name servers that are constantly emerging and take a good hard look at the registars involved. Notice a common theme. I see at least one, without mentioning names of registars involved. Why would a spammer continue to registar new name servers with the same registar unless the spammer already knows which registars s/he can safely hide behind.

Bottom line, authorities on a global scale really need to crack down on the many spam friendly registars and this will likely put a major dent in spammer activity. Until then, this will continue to be an uphill battle of cat and mouse.

yep, and that's one of the reasons Complainterator was created, to show the registrars the evidence, and information that it IS possible for them to take control of their registered domains.


But yea, when they kill a spam domain, I'm sure they also lose that money....

But I've also seen some "refunded domains" lists when doing domain name research (for complainterator evidence....) - makes me go, WTF? The REGISTAR "refunds" the spammer for "breaking" their ToS? That just don't seem right....lol.

I wish I could find the link now, but it contained a whole list of "refunded" domains, one or two of which I personally remembered from seeing in spam e-mails I received.

http://www.refundedlookup.com/content_pages/refunded_info/refunded_info.php looks like it might be "similar" to what I saw, but I dont think that's the same site.

Here is this weeks chart

image001.png
Description:
Filesize:	26.17 KB
Viewed:	63 Time(s)

It might be also helpful to know what other service(s) you are using. SpamCop, SIRT, manually sending off Complainterator reports? etc.

They all "add up" to great evidence, as you will notice a lot of the "heavy hitters" (high instances tally) are the ones that are "dead" the most So I think eventually the registrar just gets tired of seeing reports and suspends them, or who knows, maybe they expire..lol.

You're absolutely right, I have been using Spamcop quick reporting for well over a year. the effect from spamcop reports seemed to have leveled out quite some time ago, although it had been very effective the first time is used it back in 2004. SpamCop and Knujon are the only services I use.

I have turned off knujon's automatic unsubscribe feature because I am sure that everything I submit is unsolicited. I do not obfuscate my email address in spamcop reports.

My setup is almost entirely automated, using applescript and MS Entourage, so that email messages that score high on my spam filter are automatically reported without me having to do anything. (I have set the threshold for automatic reporting high enough that I have less that 0.01% false positives.)

The email account I am keeping statistics for is a .edu email address. The university uses a barracuda spam firewall which I have configured to tag and forward spam to me instead of quarantining it. (I always thought that spam quarantines were more annoying than the spam anyway, having to log on to a different place just to make sure nothing useful got caught.) The spam firewall is actually very configurable, which makes optimizing the spam score tolerance a breeze.

One thing I have noticed is that my "pending suspensions number has not gone up since several days before the spike you see in the chart.

Here is the latest chart

image001.png
Description:
Filesize:	38.36 KB
Viewed:	45 Time(s)

I don't know if this is due to KnujOn, but my junk mail has dropped dramatically this week. Here is the latest chart.

image001.png
Description:
Filesize:	48.01 KB
Viewed:	52 Time(s)

Latest Chart, Spam has stayed low for several weeks.

image001.png
Description:
Filesize:	55.68 KB
Viewed:	56 Time(s)

You aren't using AT&T email, by any chance, are you?