Where Has All My Spam Gone?

An anonymous reader writes "I have my own domain, which has its own email server, where I receive all my personal email. I've been getting about 800 emails a day, of which perhaps 20 are real. Suddenly, Sunday or Monday evening, the spam pretty much stopped. My volume of mail has plummeted to less than 100 a day, and as far as I can tell, I'm not missing any real mail — I'm still getting the email list subscriptions I'm expecting, and every time I ask someone to send me a test message, it gets through. My domain host insists that it doesn't do any spam filtering before mail gets to my inbox, and that they've changed nothing about their configuration. I run SpamAssassin on my server to mark, but not delete, spam, and download the whole mess to my home client, and I'm still seeing the occasional message tagged by SpamAssassin. But it's virtually all gone. And I haven't changed anything about my own mail configuration, or the harvestability of my site (my personal email has been harvestable for almost a decade). So what's going on? I can't believe that several major botnets would have vanished overnight. Any ideas?"

Hmm

[geminidomino]

*Checks mail logs*

Yeh, you need to ask the ISP again. No sign of slowing here.

Re:Hmm

[urbanriot]

Agreed. No changes in spam over here, my domain is still receiving the daily average of about 100 per day.

Re:Hmm

[ElizabethGreene]

A group of the original SpamAssassin developers got together with a group of mercenaries and created SpammerAssassin. It's in alpha, and looks good except it seems to have started a teeny-tiny war in the eastern bloc. Oops. They have an open bug ticket on it.

:D

Re:Hmm

[Southpaw018]

Thirded over here. Solid 7000/day for months (small business).

Re:Hmm

[oldspewey]

Seriously though ... if spammers started turning up dead where would the police even begin their investigation? There's only a pool of what, half a billion suspects?

Re:Hmm

[VenomPhallus]

Yup, and here; still getting 250 a day+ or so.

Maybe they finally clicked that you've already got a huge penis and legendary bedroom performance?

Re:Hmm

[tha_mink]

Perhaps the botnets are busy fighting amongst themselves, vis a vis the Georgia v. Russia conflict.

Re:Hmm

[y86]

Agreed. No changes in spam over here, my domain is still receiving the daily average of about 100 per day.

You should REALLY consider trying postgrey.

http://postgrey.schweikert.ch/

Postgrey on non whitelisted servers rejects the first mail attempt with a fail. The sending email server will retry X times, but the 2nd time it accepts it and adds the server to the whitelist.

Postgrey will add a 5 minute lag to an email that's sending server has never sent an email to you. It's worth it to screw the spammers zombies over IMHO.

Also, I would check your postfix/whatever you are using for a mail servers policy. I get 0 spam emails now and my address is posted all over the web.

I do have spamassassin running as well with sieve filtering to put what is marked as spam in a junk folder but the junk folder is empty, every now and then I'll see something -- but very rarely. Like once every 2 months.

Here's my spam prevention system :-)

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    reject_rbl_client zen.spamhaus.org,
    reject_rbl_client bl.spamcop.net,
    check_policy_service inet:127.0.0.1:60000

Re:Hmm

[jdray]

Actually, I just checked one of my e-mail addresses that has historically gotten about a hundred a day, and the Spam bucket only has 26 for yesterday and similar numbers for the last couple of days.

I read recently about some big spam king (czar, whatever) that got arrested. I wonder if taking him out of the equation actually had an effect on the world.

Re:Hmm

[skolima]

+1 Insightful or +1 Funny? Tough call..

Re:Hmm

[Like2Byte]

Perhaps the botnets are busy fighting amongst themselves, vis a vis the Georgia v. Russia conflict.

Ok, Agent Mulder, settle down.

Re:Hmm

[xtinct]

yeah, that guy got arrested & sentenced to minimum security prison.

then he proceeded to escape, kill his wife & baby daughter (a teenager escaped) and then himself.

pretty crazy, no?: http://www.dailycamera.com/news/2008/jul/26/spam-king-murder-suicide-surviving-daughter-in/

Re:Hmm

The Russian spammers can't get bandwidth because the military is busy using it against Georgia.

Re:Hmm

[j-cloth]

A huge second to PostGrey. It kills 90% of my incoming spam before it even touches spamassassin. However, I have noticed a few people who receive failure messages from their mail systems telling them that they've been greylisted before the mail goes through. Then uppy-ups whine to me.

Re:Hmm

[sexconker]

Every single day I get 4 or 5 copies of the "Paypal Dispute Transaction" shit.

Re:Hmm

[petermgreen]

I use greylisting, it reduced spam to almost zero for a while but then it gradually climbed back to previous levels and more.

Re:Hmm

[swb]

There's something to that, even if the original poster's claim of not having spam anymore is local to him through unknown upstream changes.

Its long been suspected that the Russian government and Russian organized crime have cooperative links, if not outright overlapping "membership" (Putin is FSA/KGB, and its well known that ex-KGB members have been deeply involved in the Russian Mafia).

With this in mind, its not hard to speculate that if botnets controlled by Russian organized crime were put use against pro-Georgian assets, the ensuing defenses, publicity and exposure at the political/military level could possible cause these botnets to be far more vulnerable than they otherwise would be in the course of normal criminal activity.

This higher level exposure might lead to weakening them and reduce their effectiveness at normal tasks like spam.

Its also possible they may also be overutilized and prioritized for cyberwarfare and not for spam.

Re:Hmm

[Random+BedHead+Ed]

Oh ... so you're address is bill@billrocks.org? Interesting ...

Re:Hmm

[Random+BedHead+Ed]

Not sure if we've exchanged comments before, but I have some genuine replica watches of the finest quality.

Re:Hmm

[Random+BedHead+Ed]

Also, visit my Canadian Pharmacy online drugstore to choose from a great selection of products of high quality produced according to the strict pharmaceutical standards.

Re:Hmm

[DriedClexler]

After I read this article yesterday (single page), that's what I thought: given all the spammers that are Russian, there's a chance there might be a slowdown in spam as patriotic Russians "pitch in" by helping DDOS Georgian resources.

It's pretty amazing if you read that article how easy it was for just an average person to find out how to "volunteer" for the Russian army: independent helpers have made it so you can find out which Georgian sites you should ping in order to maximize your effectiveness, and have programs that you can download that do most of the work with minimal hassle.

However:

a) According to most posters, spam hasn't actually abated.
b) Spammers wouldn't do something as selfless as pitching in for their country.

Re:Hmm

[TTURabble]

So Saakashvili is getting 100 emails a minute about pen1s enlargement?

Re:Hmm

[wmbetts]

I use to read a lot of not so nice forums when I was really into Info Sec and I always heard them referred to as "The Russian Business Network"

Re:Hmm

[christianT]

IIRC SpammerAssassin is built on JBASH (Jason Bourn Again Shell)

Re:Hmm

[protolith]

is also getting far less spam now for a couple weeks

I think that's about to change.

Re:Hmm

[Dark_Gravity]

A good way to complement spam source filtering thru greylisting is to block home/dynamic IPs, ranges where mail servers arent supposed to be, but where are the majority of personal pcs (that gets owned by botnets). Spamhaus PBL i.e. have this particular target (or zen that combines this one with other known sources of spam)

Please don't. There is no reason that mail servers shouldn't exist on home/dynamic IP addresses. This is one area where I'm actually happy with my AT&T DSL service - they block outbound port 25 connections by default, but allow you to opt out of the blocking if you want to run your own mail server.

I disagree. If you want to run an outbound MTA, get a static IP and some reverse DNS. While not having those two things doesn't prove you incompetent, having them indicates that you may have a clue as to what you are doing.

With the unfathomable amount of zombie machines on dynamic consumer IP ranges, there is no reason for me to absorb the spam just to allow you to be cheap and lazy. If you can't be bothered to show some signs of being clueful, why should anyone be bothered to accept your email?

If you can't bring yourself to get a static IP with non-generic rDNS, you can always use a smarthost. Barring those two sensible options, I suspect most postmasters would view not delivering your MTA's emails as lossless compression.

Re:Hmm

[raju1kabir]

Unfortunately we live in an age where some sort of accountability is necessary before I'll accept your email. A dynamic IP address means no accountability, and it means your email doesn't get through.

As far as I can tell, the only people still self-delivering email from dynamic IP addresses are hobbyists who collect knives and home-school their kids, and whom neither I nor any of my clients have ever wanted to correspond with. I have never once received a report of email delivery problems that traced back to dynamic-IP blacklisting.

Don't get me wrong - when I first got DSL in 1999 I was thrilled about running my own mail server in the hall closet and did so for years. But times changed and I changed with them.

Re:Hmm

[HeavyDevelopment]

OMG that was funny....

Re:Hmm

[Lazyrust]

I would be happy to purchase those genuine watches but first I would need your assistance in moving a large sum of money out of the country of Nigeria. It seems that a rich uncle of mine has passed away this year and unfortunately his wife is unable to accept the money due to governmental restrictions. Therefore, if you would be willing in assisting me in transferring the sum of $5,000,000,000,000,000.00 I will be happy to give you 10% in return for your time and effort. In addition I will purchase all of your fine genuine replica watches of the highest quality. In addition, I will be in need of a great selection of products of high quality from your canadian pharmacy online drug store. Therefore, if you would be willing to send me your name, address, bank name and account number via email, I will be able to begin processing this information with his bank and will contact you shortly by international certified mail.

Thank you for your time.

Re:Hmm

[mea37]

But in Soviet Russia, bandwidth gets you!

Re:Hmm

[orclevegam]

Russian Business Network, or RBN, just happens to be one of the largest mafia run botnets/spam organizations. Seeing as the mafia more or less runs the government over there, it's a semi-legal (as in, no one's going to realistically prosecute them) business that operates a massive for-hire botnet. It's not the only one over there, but it is the biggest and most visible one, so a lot of russian botnet activity just gets labeled as RBN.

Re:Hmm

[Hatta]

Its long been suspected that the Russian government and Russian organized crime have cooperative links, if not outright overlapping "membership"

What is a government anyway but the most successful group of thugs imaginable?

Re:Hmm

[Capt.DrumkenBum]

Just download it already. Then they will stop bothering you. :)

Re:Hmm

[KillerBob]

Unfair moderation much? I hope you get metamodded back into positive, because that post is definitely not a troll. :(

Re:Hmm

[epee1221]

So, something of a modernized letter of marque?

Re:Hmm

[bhiestand]

Maybe they finally clicked that you've already got a huge penis and legendary bedroom performance?

If so, could I have your number, southpaw? (A Female slashdotter)

Don't let yourself be fooled. She's a slashdotter, she wants to know how you stopped the spam.

I'm getting it

[digitrev]

My spam has tripled over the past few days. So I'm not getting all of it, but I'm getting a chunk of it.

Re:I'm getting it

[ShadowBlasko]

Heh, we've got a virus running around the site lately that is titled "CNN Gold Medal tracker".

Sneaky ...

Re:I'm getting it

[SatanicPuppy]

We've been getting a lot of "reverse spam"...The organizational emails are necessarily public, so some enterprising Russian has harvested the entire set and is using them as "REPLY-TO" addresses, so we get all the bounce messages from their damn spamming.

It's all the fun of having an exploited mail server without actually having an exploited mail server. The mail doesn't actually come from us so we're not having any blacklist problems, but the floods of bounce messages zip right through the spam filters and piss off the users.

Re:I'm getting it

[PARENA]

Russian I was getting for a while, as well. Not anymore. /dev/null for anything with charset koi8-r or windows-1251.

CNN I was getting for a few days. Seems to have disappeared again.

Re:I'm getting it

[KillerBob]

I've seen a huge increase in both spam and particularly spam that makes it past my spam filter.

It's an arms race. They come out with a new message that tricks the filters into thinking it's real. The filters update and adapt. They rethink things and come out with a new junk message which sometimes succeeds, sometimes doesn't. When they find one that works, I start getting spam again until the filters adapt. Ad nauseum.

I've got my SpamAssassin filters set to update on a daily cron job, and it's always the same... Every week or two, I get a handful of spam messages getting past the filters. They're all basically the same. And it lasts for about a day before I stop getting spam again. So it comes in bursts for me, every time the spammers rethink the message they send out.

I've had my domain, and the same e-mail address for half a decade. My IP address did recently change when I moved into a new colo, but all of the DNS has updated already, so the spammers still know who I am. It's annoying. But it is manageable.

Re:I'm getting it

[nabsltd]

Don't you hate it that you have to deal with this sort of thing because some other mail server isn't configured correctly?

If all mail servers instituted the policy of "reject...don't accept then bounce", then there wouldn't be any blowback spam. Unfortunately, there is some MTA software that can't do the right thing without non-standard add-ons (qmail, I'm looking at you).

Re:I'm getting it

[growse]

Simple. Configure your mailserver to block all bounce messages unless they originate from a server that you've sent a mail to in the past 12 hours. Then you'll only get legit bounces.

Re:I'm getting it

[petermgreen]

and you will block quite a few legit bounces too for two reasons

1: 12 hours is nowhere near long enough
2: the message may be routed through multiple servers before finally getting bounced.

Okay

[morgan_greywolf]

And you're complaining because .... ?

Re:Okay

[kinzillah]

Perhaps he'd like to leave it to systems he controls? I, for one, would rather a third party weren't silently dropping mail that could be false positives.

Re:Okay

[qortra]

He isn't complaining. It isn't wrong to ask questions when things unexpectedly go well.

Re:Okay

[camperdave]

And you're complaining because .... ?

Without having the spam to process, the server doesn't run as hot as it's "supposed to". This causes a power imbalance, sending more current to the other servers and tripping breakers. Also, because of the lack of that heat, the server room is too cold. The UPS batteries are not storing enough of a charge as they are less efficient when they're cold. If a power sag, brownout, or blackout happens during one of these spam free moments, well, the results could be catastrophic.

Re:Okay

[rbane3]

I carry mace with me to mark, but not stop, my raper, and I'm still seeing the occasional rapper tagged by mace. But they're virtually all gone.

I see what you did there! Subtle insight of your views concerning the Hip Hop "artist"?

Re:Okay

[Hektor_Troy]

Mace? Screw maze.

Flurescent green spray paint is much better. Not only will you keep your assailant off of you, but you will also make it REALLY easy to pick him out of a line-up later.

Police: "Can you identify the guy who jumped you?"
Victim: "He's the green faced guy, crying on the corner about being blind."

Did you install Skynet 1.0?

[bugeaterr]

Did you install Skynet 1.0?

Hey, what's that siren going off for....

Re:Did you install Skynet 1.0?

[dlaudel]

Are you implying that Skynet was just trying to do us a favor all along by nuking the spammers? This changes everything!

Exactly.

[Lilith's+Heart-shape]

And you're complaining because .... ?

No kidding. I work as a sysadmin, and as far as I'm concerned, a spam-free day is an occasion to praise my patron demon and bring Him an offering of hookers and blow, not an excuse for an "Ask Slashdot" posting.

Re:Exactly.

[Arimus]

Assuming a third party isn't dropping your email... if they are then that's almost as bad the spam deluge - I'd rather be the one to decide what is spam than a third party who may or may not have a clue.

Re:Exactly.

[Minwee]

I, on the other hand, consider sudden, dramatic, and completely unexplained changes to the operation of systems under my control to be a reason to worry.

I'm just funny that way.

Re:Exactly.

[Bandman]

Amen.

It's like we speak the same language.

Change is good. Unexpected change is very, very bad.

Re:Exactly.

[ari_j]

Unexpected change can be good, too. It's unexplained change that worries me. An object in motion remains in motion until acted on by an external force. It's when Newton starts looking like a fool that I start to get concerned.

I can forward you some of mine if that helps...

[mattMad]

... just in case you desperately need to buy some cheap "medicine" :-)

Re:I can forward you some of mine if that helps...

[Noexit]

That might actually be a not bad idea. Sending him something that can be confirmed as having been sent, and as being spammy.

Because...

[Capt+James+McCarthy]

When spammers took over your box, they didn't want to flood it with their own mail.

One down

[canderley]

Per Ars, a 100,000 machine bot net was shut down recently. http://arstechnica.com/news.ars/post/20080814-police-nab-shadow-creators-force-botnet-to-commit-suicide.html

Re:One down

Did you read that article?
"Shadow appears to have been mostly confined to the Netherlands, as the messages and phishing hooks were all sent in Dutch, but had apparently infected some US systems as well, as the FBI is credited for assisting on the case."

Re:One down

[bearl]

Did you read the article? "...as the messages and phishing hooks were all sent in Dutch,..."

Since the original poster didn't mention what portion of his spam was arriving written in DUTCH, we can't say for sure, but it appears, as the article says (up near the top too!), this botnet, while large, was almost completely confined to the Netherlands.

I'll save you the reply too, should you go back and read the article, the rest of the sentence I quoted above says "...but had apparently infected some US systems as well, as the FBI is credited for assisting on the case." However it does say that ALL the messages were sent in Dutch.

Probably not our boy's spam.

Oops...

[bhamlin]

Sorry, we've been down for maintenance and it's taking a lot longer than we originally planned. You can expect normal service to resume by next monday.

Shadow botnet was killed recently

[Nimey]

http://arstechnica.com/news.ars/post/20080814-police-nab-shadow-creators-force-botnet-to-commit-suicide.html

That may account for some of it.

So it's become real...

[Seakip18]

Spam Assassin is actually assassinating spam.

On another note, has anyone heard from cousin who is a Nigerian prince? He hasn't called in days and we're beginning to get worried.....

those chinese spam factories are shut down ...

... to save the health of the athletes.

The Russians are busy in Georgia...

[NMBob]

...and the Chinese are busy watching 13-year olds win gold metals. Bob

We Can Test

[awitod]

We're happy to help you solve this mystery.
What is your email address?

We got bored of the joke

[Bogtha]

Okay, here's the thing: nobody but you ever got spam. We all just thought it would be funny to fool you into thinking there was some kind of worldwide scamming epidemic. You don't seriously think people would be stupid enough to buy pills off strangers who email them out of the blue, do you? I thought we'd gone a bit too far and stretched the limits of credibility when we came up with the idea for the Nigerian scams, but I was wrong, you even fell for that! Nobody is stupid enough to send all their money to a "Nigerian prince".

Anyway, enough's enough. The joke's stale now, so we decided to stop sending it all to you.

Spam has relatively few sources

[Toe,+The]

A large chunk of spam comes from a very small group of spammers. It may just be that you are only targeted by one of them, and he took a break recently.

Hang in there... he'll come back from vacation soon, and you'll be able to mortgage your penis to Nigeria again.

I Stole It

I'm holding it for ransom. You can have it back for $1,000,000.

A "Shadow" of their former selves?

[DCheesi]

Were the missing spam-mails mostly in Dutch?

http://arstechnica.com/news.ars/post/20080814-police-nab-shadow-creators-force-botnet-to-commit-suicide.html

"Shadow appears to have been mostly confined to the Netherlands, as the messages and phishing hooks were all sent in Dutch, but had apparently infected some US systems as well, as the FBI is credited for assisting on the case."

...

"Once Shadow was secured, the police contacted Kaspersky Labs about providing a means to neutralize the malware."

I can kinda confirm this.

[suso]

I run a web hosting company and over the past couple weeks I've had a few customers report that the amount of spam has dropped. Of course, they thought that this was something wrong, but I couldn't find any evidence of increased failures, it was just that there was slightly less mail coming in.

Still the same old same old

[Punker22]

We provide a spam filtering service, and our volume hasn't really changed much in the past week or two so perhaps whichever botnet was sending you all the trash went offline or just... stopped sending to you.

Botnets current tasked to higher priority jobs

[Wrath0fb0b]

http://it.slashdot.org/article.pl?sid=08/08/12/191255&from=rss
http://bits.blogs.nytimes.com/2008/08/11/georgia-takes-a-beating-in-the-cyberwar-with-russia/

When the crisis abates, I expect the botnets will be returned to their regularly scheduled duties. Quite a versatile tool those botnets -- pimping V!agr4, collapsing government sites, enhancing the male doodad, distributing pr0n, bullying your neighbors (http://news.bbc.co.uk/2/hi/europe/6665145.stm). For the cost of one M1A1 tank tread, Putin bought himself a whole lot of firepower.

Advantage: Putin.

Reality...

[Capt+James+McCarthy]

Without seeing your logs, most folks would be guessing. They symptoms you provide are not enough to make an educated guess. I would say to bump up the verbosity of your email server, SpamAssassin, and the system itself and then go from there.

Oingo Boingo!

[TheMiddleRoad]

When Slashdot has a real slow news day
Tell me where my spam's gone
When Nigeria no longer needs me
Tell me where my spam's gone
When trojan horse avoid my inbox
Tell me where my spam's gone
When penis pumps cease their pumping
Tell me where my spam's gone
When free porn streaming doesn't bug me
Tell me where my spam's gone
When people install virus checkers
Tell me where my spam's gone

headless botnets

[Lord+Ender]

We've been seeing botnets changing desktop background to an image alerting people that they are infected with a virus. Obviously a real spam botnet operator would not alert people like that.

My theory is that some grayhat wrested control of a major botnet, and is shutting it down from the source (and alerting the victims in the process).

We Apologize

[Sloppy]

Dear Sir,
We humbly apologize for the interruption in service. Please reply with your email address and our technical staff will get back to you.

Re:we are all doooomed

[Ethanol-fueled]

Naw, just that the Russians have shifted all their botnets' attacks toward Georgia.

Re:the russian business network is busy

[DCheesi]

they need the botnet resources for ddosing georgia

The sad thing is, you might be right...

Re:I have it

[Jedi+Alec]

No, no, no...

Im in ur mailserverz, eating ur spam!

Try forwarding spam through ISP

[IceCreamGuy]

Maybe you could forward some spam from, say, a gmail account to your address in question. If it doesn't make it through to your server then you have a definitive record to confront your ISP with. Or, if they do get through, maybe you should buy a lottery ticket because your the luckiest admin on slashdot!

I just checked one of our Ironport Servers

[Phil_at_EvilNET]

In a 24 hour period we've gone from a peak of about 75,000 messages at 9pm CST last night to a low of 40,000 messages incoming today, 97.3% of which are spam. Total for the last 24 hours on that single Ironport (we have 4 in production and one in the lab) is 1.4 Million attempted messages, of which 36.1 thousand were clean.

So all things taken into consideration, consider yourself fortunate. We're still seeing a trend that indicates that over 97% of all incoming mail is garbage.

-Phil

Here's a thought...

[swordgeek]

It's not too-well publicized, but the Russian Business Network (AKA spammer filth) have been using (renting?) a large chunk of their botnet space to attack Georgia. Here's a bit of detail.

Maybe they just didn't have enough bandwidth to spam the planet AND take down Georgia's systems through a DOS.

Black Hat

[machine321]

They all just got back from Black Hat / Defcon, and they're still hung over.

Re:Check

[MPAB]

I find your lack of spam disturbing ...

A communications disruption...

[ClientNine]

... can mean only one thing: INVASION.

Infected PC are offline during summer ^_^

[Kirys]

Most spam is sent by bot-nets, mostly composed by infected pc of workplaces, school and private homes. In many countries during the second and third week of August many schools and workplaces are closed so their pc are just turned off, this mean that the bot-nets have less active nodes and so are less effective. I do receive less spam too but I think that it will be back to the sad old amount at the end of the summer :(

Something did change...

[r_cerq]

I've just checked my work's logs (an ISP). The number of hits in the spam taggers fell from 12/sec to 3/sec earlier this week.

So either we're identifying less spam, or there is in fact less of it.

Obligatory

[T3Tech]

Are you sure your server didn't switch to spam, egg, sausage and spam mode? That's not got much spam in it.

Already going on.

[Medievalist]

Seriously though ... if spammers started turning up dead where would the police even begin their investigation? There's only a pool of what, half a billion suspects?

Spammers and virus writers employed by spammers to create their zombie pools have been turning up dead for almost two years now.

seriously bit more information ?

[johnjones]

well the first thing that scully would ask is ?

where is the scientific evidence....

so the serious question its nice that your spam level dropped but where/ip was it all coming from in the first place ?

regards

John Jones

http://www.johnjones.me.uk

Here's where your spam went

[buss_error]

1. If you've made no configuration changes or patches in the past week, that pretty much lets out program error.

2. If your ISP is saying they don't do spam filtering, then that pretty much lets that out too, unless your ISP is given to lying to you.

3. Others point to the cyber war between Georga and Russia. I'd think that those folks would have their own bots not associated with spamming, but I can't prove that.

4. It surpasses hope that all the sudden people cleaned up their pwon3d systems.

5. My spam levels have not dropped appreciably, and I not only have my own domain, but allocations as well.

6. I have noticed at times in the past that my spam levels do drop by 60, 70, even 80%. They always pick back up before too long. Enjoy a breif respite.