On Mon, 30 Nov 2015, David B Funk wrote:
These "snowshoe" spams are a bit difficult to nail because they keep hopping around. After a day or two they're listed in various RBLS (both for the IP and URL hostname) but they rarely sit still long enough for that to help much.
In that vein: is your environment such that you can implement greylisting and delay accepting mails from new correspondents for a bit, to allow the RBLs to recognize them?
This will also cut down on spammers that don't do retry. -- John Hardin KA7OHZ http://www.impsec.org/~jhardin/ jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79 ----------------------------------------------------------------------- 15 days until Bill of Rights day
