I've been looking at the spam still getting through our filters and
most of it is from dialups not listed in the DNSBLs.
I noticed that it is common for dialup lines to have names with many
'-'s in them.
e.g.
Received: from [80.162.59.221] (helo=x1-6-00-00-b4-5a-56-60.k250.webspeed.dk)
I was wondering whether a workable spam filter would be one which
checked the last listed Received: header for a string which included
(say) 4 '-'s in the leftmost part of the domain.
Would this approach work as a way of identifying dialups?
