From: "Theo Van Dinter" <[EMAIL PROTECTED]>
===8<--- Theo's note
A possibly better method is to block SMTP outbound from the ISP. There was a
paper at LISA '05 IIRC about dynamically blocking outbound SMTP based on
connection rates. Something about how infected/spam relay hosts have a large
number of connections/min but real users tend to send only a very low amount
of mail per minute, and the ones that legitimately send more can be
whitelisted.
===8<---
I understand that this is what Earthlink has been doing since some time
in the 90s. That's about when I first read something from them about
the rate limiting and legitimate exceptions in one of their newsletters.
With SMTPAUTH in use now they can also easily send the actual spewing
user a message about their abuse. I wonder if they go to that trouble,
yet. It'd be nice if they, and everybody else, did so.
{^_^}
