This thread made me take a fresh look at some of my earlier scribblings, mostly http://bsdly.blogspot.com/2014/02/effective-spam-and-malware.html which has grown an addendum with a fresh graph of connection lengths based on what was available on the spamd boxes where I have the liberty to do what I want with log data. Also, a few links to useful resources such as http://bgp-spamd.net/.
I hope you find this useful. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
