[Dshield] Extreme increase in spam attempts... any one else seeing similar event?
Chris Phillips
ChrisPhillips at LGonQn.ORG
Fri Aug 17 14:25:53 GMT 2007
Hi
Since yesterday (16 Aug 6pm EDT) I am seeing a HUGE increase in spam
activity:
sed -n '/^Aug 16 18/,$p' /var/log/smtpd.log | egrep 'Not allowed' | wc -l
12110
sed -n '/^Aug 16 18/,$p' /var/log/smtpd.log | egrep 'Not allowed' | egrep UNKNOWN | wc -l
480
(This is less than 24 hours!)
vs
a previous 24 hour period...
sed -n '/^Aug 14 18/,/^Aug 15 18/p' /var/log/smtpd.log | egrep 'Not allowed' | wc -l
115
sed -n '/^Aug 14 18/,/^Aug 15 18/p' /var/log/smtpd.log | egrep 'Not allowed' | egrep 'UNKNOWN' | wc -l
38
The interesting factor is that the majority of this is coming from DNS
registered hosts:
480 out of 12110 = 4% not registered
as opposed to 38 out of 115 = 38% normally...
Any ideas about what might be happening?
(Also note that these almost totally don't have valid local
email addresses as the recipient, though the domain seems
to be correct mostly.
[This is from hand sampling so I don't have specific #'s])
C
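
Added example, not part of the original post: the four sed/egrep pipelines above folded into one awk pass that reports, per hour, how many 'Not allowed' rejections were logged and how many of those carry UNKNOWN. The sample log lines are constructed; everything in them beyond the leading timestamp and the strings 'Not allowed' and 'UNKNOWN' is an assumed format.

```shell
#!/bin/sh
# Assumption: log lines start with a syslog-style "Mon DD HH:MM:SS" timestamp,
# as implied by the post's sed patterns such as '^Aug 16 18'.

# reject_stats FILE
# One output line per hour, in log order: "Mon DD HH rejected unknown pct_unknown"
reject_stats() {
    awk '
        /Not allowed/ {
            key = $1 " " $2 " " substr($3, 1, 2)       # month, day, hour
            if (!(key in total)) order[++n] = key       # remember first-seen order
            total[key]++
            if ($0 ~ /UNKNOWN/) unknown[key]++          # same filter as egrep UNKNOWN
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                printf "%s %d %d %.0f%%\n", k, total[k], unknown[k],
                       100 * unknown[k] / total[k]
            }
        }
    ' "$1"
}

# Constructed sample log (hosts and addresses are documentation placeholders).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Aug 14 18:02:11 mx smtpd[101]: Not allowed: relay from UNKNOWN [192.0.2.10]
Aug 14 18:40:03 mx smtpd[102]: Not allowed: relay from host1.example.net [192.0.2.11]
Aug 14 18:55:00 mx smtpd[103]: accepted from host2.example.net [192.0.2.12]
Aug 16 18:00:01 mx smtpd[201]: Not allowed: relay from a.example.com [198.51.100.1]
Aug 16 18:00:02 mx smtpd[202]: Not allowed: relay from b.example.com [198.51.100.2]
Aug 16 18:00:04 mx smtpd[203]: Not allowed: relay from UNKNOWN [198.51.100.3]
Aug 16 18:00:09 mx smtpd[204]: Not allowed: relay from c.example.com [198.51.100.4]
EOF

reject_stats "$sample"
```

Run against the real log as `reject_stats /var/log/smtpd.log`; a jump in the rejected column together with a drop in the percentage column is the pattern described in the post.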