Is the spam SMTP meant to be originating from the McColo ranges or is it
being used to control other machines elsewhere?
If they're originating the SPAM then is it sufficient for a transit
provider to provide service but block tcp 25/465 etc and make them pass
outbound email to something capable of cleaning it? Or are they doing
more than just SMTP?
Alternatively it seems a strategic advantage for a large amount of spam
to originate from a single location with a small range of IP
addresses. We could all just block tcp 25/465 at our borders for their
ranges and/or just to our mail clusters. Although the last might leave
customer mail servers vulnerable, but at least no one could accuse us of
filtering them (sore point in Oz at the moment!).
MMC
--
Matthew Moyle-Croft - Internode/Agile - Networks