In message <42112CC2.7010105@???>, Marc Perkel <marc@???>
writes
>After the first spam to 3 or more people I add the IP address of the
>host to a list. That list returns DEFER when the host reconnects to send
>more spam. Every hour - I empty the list. The idea being that just in
>cast there are non-spammers on that host then they only get delayed an
>hour rather than rejected.
So if $LARGE_ISP$ has a handful of compromised customers sending spam
through their "smarthost" you will, in practice, never reply anything
other than DEFER to any customer of $LARGE_ISP$ -- except for the short
period every hour when none of the bad email is at the front of the
backlog queue that $LARGE_ISP$ has waiting to send you
In order to simulate quite how bad this will be, I suggest that you
assume that $LARGE_ISP$ will typically have about one compromised
customer per 10,000 users, but they are sending you anything up to
5,000 times the volume of any individual customer. Given that 1% of
$LARGE_ISP's customers send you email in any given hour you can now
calculate how big $LARGE_ISP$ needs to be before you never hear from
them again...
>So - anyone have any thoughts on this idea? And interest? So far the
>code to do this is really simple.
should be simple to skip out then :)
- --
richard Richard Clayton
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. Benjamin Franklin