German content only

Spam Meter

The goal of this project is to research how long it takes spammers to remove addresses, which have become invalid, from their databases. This might seem like a strange undertaking at first sight, but considering that spam is distributed using zombies these days, it will be interesting to see if there is any feedback channel to the master, and if there is, how efficient it is.

The project was initially started in mid October 2007 by disabling about a dozen addresses. There is no legit mail being sent to these addresses. All of them received a fair amount of spam when the project was started.

It turned out the spammers did not care about the delayed reject messages the server dished out. They either did not go by SMTP status code (550) alone or got confused by the 60 seconds delay.

Since March 21th, 2008 (now day 0), the reject message is the sendmail default ("550 5.1.1 Invalid address") without any delays. After this modification the amount of spam dropped dramatically within three days. But the decline almost stopped at 1500 mails a day. The next months will show if the numbers keep getting lower.

Total Per Day

Spam Sender Countries

The following graphs should indicate if there are any country specific approaches to address database maintenance. It might also be possible that spammers simply aquire zombies around the globe without any preferences, in which case all should behave the same.

Russia

US

Germany

Other

Comments
Wolfgang (Fri, 23 May 2008):
Übrigens: Es kann sein, dass China derzeit weniger spammt weil Olympia vor der Türe steht. Im Grunde wird der Spamm allgemein weniger auch bei Adressen, die gelesen werden.
Dave (Sun, 20 Jun 2010):
\"It turned out the spammers did not care about the delayed reject messages the server dished out.\"

I do not understand what you mean by this. Did the spam bots ignore reject messages that were delayed by 60 seconds? Or do you mean that the bots accepted the reject messages as valid, even though delayed?

A great experiment. I\'ll share it with others!

Dave
Dave (Sun, 20 Jun 2010):
Ah, I see that you do say that spam bots responded to the instant Error 500 messages.

Dave