On Tue, Aug 01, 2006 at 04:07:38PM -0400, Rosenbaum, Larry M. wrote:
> A reliable DUL list would be good. If it were possible to determine if
> an incoming SMTP connection were coming from a server or an end user,
> that might help get rid of the problem of spam from zombie PCs, which
> seems to be a big part of the spam we get. Perhaps ISPs could be
> persuaded to publish this information.

A possibly better method is to block SMTP outbound from the ISP. There was a paper at LISA '05 IIRC about dynamically blocking outbound SMTP based on connection rates. Something about how infected/spam relay hosts have a large number of connections/min but real users tend to send only a very low amount of mail per minute, and the ones that legitimately send more can be whitelisted.

-- 
Randomly Generated Tagline: Fry: "They're great! They're like sex except I'm having them."
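
The rate-based approach described in the reply above, sketched as an added example that is not part of the original message or of the LISA paper it mentions: a sliding-window counter over outbound port-25 connection records that flags hosts exceeding a per-minute limit unless they are whitelisted. The threshold, window, record format and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60        # assumption: one-minute sliding window
MAX_CONNS_PER_WINDOW = 10  # assumption: the thread gives no threshold

def find_blocked_hosts(events, whitelist=frozenset(),
                       window=WINDOW_SECONDS, limit=MAX_CONNS_PER_WINDOW):
    """events: (unix_ts, src_ip, dst_port) tuples sorted by time.
    Returns {src_ip: timestamp at which it first exceeded the limit}."""
    recent = defaultdict(deque)  # src_ip -> timestamps inside the window
    blocked = {}
    for ts, src, dport in events:
        # Only outbound SMTP counts; whitelisted senders are never rated,
        # and an already blocked host needs no further bookkeeping.
        if dport != 25 or src in whitelist or src in blocked:
            continue
        seen = recent[src]
        seen.append(ts)
        # Drop connections that have aged out of the window.
        while seen and seen[0] <= ts - window:
            seen.popleft()
        if len(seen) > limit:
            blocked[src] = ts
    return blocked

def sample_events():
    """Constructed sample data (documentation addresses, synthetic times)."""
    events = []
    # Ordinary end user: three messages spread over about ten minutes.
    events += [(t, "192.0.2.10", 25) for t in (0, 200, 550)]
    # Infected host relaying spam: a new connection every two seconds.
    events += [(t, "192.0.2.66", 25) for t in range(0, 120, 2)]
    # Legitimate high-volume sender (e.g. a list server), same rate.
    events += [(t, "192.0.2.25", 25) for t in range(0, 120, 2)]
    # Non-SMTP traffic from the end user must not count toward the limit.
    events += [(t, "192.0.2.10", 443) for t in range(0, 120)]
    return sorted(events)

if __name__ == "__main__":
    hits = find_blocked_hosts(sample_events(), whitelist={"192.0.2.25"})
    for host, ts in hits.items():
        print(f"block outbound SMTP from {host} (limit exceeded at t={ts})")
```
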