
Reporting - IP ranges being used for spam



#1 Amit Patel


Posted 19 February 2019 - 11:54 AM

Cust would like to have a report stating what IP ranges are being used by spammers sending out spam emails, with the percentage of the IPs being used that were blocked or allowed to send the spam emails, and have reports on these statistics.



#2 RPDIT


Posted 13 March 2019 - 06:57 PM

Adding clarification (Barracuda Cust Service assisted me in starting this request). I see at least 8-10 spammers in my logs which change both their domains and IP addresses every three days or so. For IP addresses, they buy an entire xxx.xxx.xxx.0 subnet. All 253 addresses. They then send 10-15 messages on each individual IP, which gives the illusion they are not spammers. Existing Barracuda reports use the full IP address, and since most reports list only the "top 50," big spammers potentially sending 2500-4000 messages every 3 days will likely never get listed. Or if they do generate enough spam to make the top 50, a human still has to manually find the patterns which prove a given spammer has bought a full range of addresses as opposed to one or two single ones.

Having one or more reports which aggregate at the third octet will let us catch the commercial spammers who are buying entire ranges at a time, and will allow us better tools to identify and block (both at Barracuda level and at router/firewall level) the egregious spammers.
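The third-octet aggregation requested in this thread, sketched as an added example that is not part of the original posts and is not Barracuda code. It assumes log rows already reduced to `(source_ip, action)` pairs; the sample data, the function names and the `min_ips` / `max_avg_per_ip` thresholds are constructed for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

def build_sample_log():
    """Constructed sample rows (source_ip, action); not a real log export."""
    rows = []
    # One /24 where 253 hosts each send 12 messages (low volume per IP).
    for host in range(1, 254):
        for n in range(12):
            rows.append((f"198.51.100.{host}", "blocked" if n % 4 else "allowed"))
    # Three single noisy senders that dominate a per-IP "top N" report.
    for ip, count in (("203.0.113.5", 300), ("203.0.113.77", 250), ("192.0.2.9", 220)):
        rows.extend((ip, "blocked") for _ in range(count))
    return rows

def top_ips(rows, n):
    """Per-address report, the view that hides spread-out senders."""
    return Counter(ip for ip, _ in rows).most_common(n)

def aggregate_by_24(rows):
    """Group rows by /24 and report volume, spread and blocked percentage."""
    stats = defaultdict(lambda: {"total": 0, "blocked": 0, "ips": set()})
    for ip, action in rows:
        net = str(ipaddress.ip_network(f"{ip}/24", strict=False))
        stats[net]["total"] += 1
        stats[net]["blocked"] += (action == "blocked")
        stats[net]["ips"].add(ip)
    report = [{
        "range": net,
        "messages": s["total"],
        "distinct_ips": len(s["ips"]),
        "pct_blocked": round(100 * s["blocked"] / s["total"], 1),
        "avg_per_ip": round(s["total"] / len(s["ips"]), 1),
    } for net, s in stats.items()]
    return sorted(report, key=lambda r: r["messages"], reverse=True)

def flag_ranges(report, min_ips=50, max_avg_per_ip=20):
    """Hypothetical thresholds: many senders in one /24, few messages each."""
    return [r["range"] for r in report
            if r["distinct_ips"] >= min_ips and r["avg_per_ip"] <= max_avg_per_ip]

if __name__ == "__main__":
    rows = build_sample_log()
    print("top 3 single IPs:", top_ips(rows, 3))
    for line in aggregate_by_24(rows):
        print(line)
    print("ranges to review:", flag_ranges(aggregate_by_24(rows)))
```

In the sample, the per-IP top 3 never shows the 198.51.100.0/24 senders, while the /24 view ranks that range first by volume and reports its blocked/allowed split.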