LinuxMagic BMS - Blacklist Mastering System - Statistics
Spam & BMS Statistics
Nothing speaks louder than statistics. We want to provide you with real world statistics of how our BMS system works. Here are some comparisons of the effectiveness of various public blacklists, of spam statistics in general, of the spam source, and how mail servers using the BMS system fair in the stopping spam.
We will be putting more and more statistics online when ever we can, and we are always glad to receive statistic reports from people using our products. If you have implemented the BMS Client Programs on your mail server, please feel free to share those results here. As well, if you are using the Complete BMS Remastering System for your own lists, and want to share those stats, we are also glad to have them, even if your lists are commercial or private. The idea is to stop spam, and if you feel your lists are better than the public ones, feel free to share them.
General Stats
Range of IPv4 Address Space represented by the blacklists provided here.
- At last count, the lists provided block 204,838,381 IP Addresses
- This is 4.77% of the total IPv4 Address Space
- This represents approximately 9.0% of the IPv4 Address Space that is assigned
- We block 50% of email from that 9%
Individual List Performance
Eventually, we will provide live statistics, but here are a few notes on our experience with individual lists provided, to help you select which ones you might like to activate.
SPEWS: These lists are not activated by default. By using SPEWS the listed ISPs will have more reason to address the issues that got them on the list, however in real world environments, several very large ISPs were blocked (ie Comcast and Shaw at one time), and too many users complained when they could not get mail from those places. Our only assertion in this matter, is that although we agree that ISPs need to pay attention to mail addressed to 'abuse@', so should the list maintainers make it easy for the ISPs to contact the list masters. Use it if you wish to take the high road. They have very valid reasons for listing ISPs.
NOTE: The information provided below is for statistical use only, and terms like 'offender' are not meant to indicate one network or company as in any way more responsible, or irresponsible than another, but are simply used to denote detected volumes of spam used in statistics. LinuxMagic only offers statistical evidence and does not make a comment against any particular network or country.
Source of Spam by Country
This is a quick listing of spam caught by the lists, by country. Note that we are just listing the top sources (you can contact us for a complete list). Note, that it isn't the total percentages that count, but the difference between % connected and % blocked.
| Country | % of Connections | % blocked |
 USA |
63.0% | 51.0% |
 Korea |
6.6% | 10.0% |
 China |
2.8% | 3.6% |
 Japan |
1.2% | 1.7% |
 Canada |
1.4% | 1.4% |
Another Country by Country Look
We did an analysis on a small Canadian ISP for one day and they received 33360 messages, of which approximately 98% was rated as spam. From their logs, we were able to determine the country of origin for xx% or xxxx connections. Based on that, we determined:
| Country | Number of Connections | % of Connections |
| USA |
17013 | 51.0% |
| Korea |
3336 | 10.0% |
| China |
1200 | 3.6% |
| Japan |
567 | 1.7% |
| Canada |
467 | 1.4% |
| Total | 33360 | 100.0% |
Korea: Statistical Snapshot
Because of the above high ranking of Korean Spam, we took the liberty of analyzing their Spam at our server. Most Korean Blacklists tend to paint the whole country with one brush, and block everything. We decided to look at the main offending ranges, and ask them for a DUL list, so that we can only allow legitimate mail servers, which have reputable representatives who work towards stopping outbound Spam. This is a list of a quick summary of the worst offenders on our network. (Remember, it isn't that Korea is any worse than any other country, just that they have the highest number of internet connected households)
Worst Spam Offenders from Korean NetworksSmall Random Sampling |
|
| Network Name | Number of Spams |
| KORNET | 133 |
| THRUNET | 62 |
| ENTERPRISENET | 18 |
| TACHYNET | 18 |
| SHINBURO | 12 |
| ISP-1 | 8 |
| DREAMPLUS | 7 |
| HANANET | 4 |
| KREN | 4 |
| PUBNET | 3 |
| KREONet | 3 |
| DITIZONE | 2 |
| KCNET | 2 |
| KTNET | 2 |
| VITSSEN | 2 |
| HANINTERNET | 1 |
| RayNet | 1 |
| HANVITINB | 1 |
| HIPASS | 1 |
| IN2FREE | 1 |
| KIDC | 1 |
| KNCTV | 1 |
| KOLNET | 1 |
| PUBNETPLUS | 1 |
| Totals: | 295 |
Kind of obvious which ISP's need blocking
China: Statistical Snapshot
In the case of China, because of the nature of the ISP, all mail connections were the result of spam, or spam bounces. Looking at their connections which were 4% of the small ISP's connections, we looked at these 1294 connections. We should point out that no attempt was made to identify how many spam bounces, were the result of Spam originating from China, and bouncing off of US servers. We were able to identify the network of origin for these connections , and broke them down into the worst offenders. In the case of China, we were surprised to see how many different networks originated the Spam. Possibly Windows Virus and Trojans are more prevalent there than we thought. 190 different network groups.. But we have listed the top of the bunch only. And here is a typical header from there.
It advertises BulkMailing to 28 million addresses :) Sent from:
inetnum: 222.136.0.0 - 222.143.255.255
netname: CNCGROUP-HA
descr: CNCGROUP Henan province network
descr: China Network Communications Group Corporation
Return-Path: <shawnm@surfy.net>
Received: (qmail 11568 invoked from network); 6 Oct 2004 02:16:22 -0000
Received: from unknown (HELO 204.244.205.4) (222.137.58.57)
by 204.244.205.4 with SMTP; Wed, 06 Oct 2004 02:16:22 +0000
Received: from 196.120.1.54 by 222.137.58.57; Sun, 19 Sep 2004 02:13:05 -0100
Message-ID: <CCTLTMXCWMWBBDEVPBIA@myresponder.biz>
From: "Mrs. Downs" <allgoods@cardtown.com>
Reply-To: "Mrs. Downs" <karenm@coolgoose.com>
Worst Spam Offenders from Chinese NetworksSmall Random Sampling |
|
| Network Name | Number of Spams/Poor Bounces |
| CHINANET-GD | 177 |
| CNCGROUP-BJ | 107 |
| CHINANET-SH | 75 |
| XINWANG | 70 |
| CHINANET-ZJ-HZ | 51 |
| CHINANET-JX | 49 |
| CHINANET-ZJ-WZ | 40 |
| CHINANET-AH | 37 |
| CHINANET-SN | 36 |
| CHINANET-JL | 31 |
| CHINANET-JS | 28 |
| CHINANET-HE | 25 |
| CHINANET-HN | 22 |
| CHINANET-ZJ-NB | 19 |
| CHINANET-SC | 18 |
| UNICOM | 17 |
| CNCNET | 16 |
| CNCGROUP-SD | 14 |
| Totals: | 1294 |
- IP Address Lookup
-
Check IP address against supported reputation lists.
- Products
- BMS