Source IP blocking makes up a large portion of today's spam arrest
approach,
so we shouldn't discount the CPU benefits of that approach too
quickly.
I'm not sure where today's technology is in regards for caching the
first 1
to 10kB of a session....once enough information is garnered to
block, issue
TCP RSETs. If it's good, free the contents of the cache.
What's your interest in mopping up spam in the middle of the network?
Usually spam is viewed as a leaf-node problem (much to the chagrin of
receivers, actually).
Regards,
Ken
--
Ken Simpson
CEO
MailChannels - Reliable Email Delivery
http://mailchannels.com
604 685 7488 tel
