Richard Clayton wrote:
>>In message <42112CC2.7010105@???>, Marc Perkel <marc@???>
>writes
>
>
>
>>After the first spam to 3 or more people I add the IP address of the
>>host to a list. That list returns DEFER when the host reconnects to send
>>more spam. Every hour - I empty the list. The idea being that just in
>>cast there are non-spammers on that host then they only get delayed an
>>hour rather than rejected.
>>
>>
>
>So if $LARGE_ISP$ has a handful of compromised customers sending spam
>through their "smarthost" you will, in practice, never reply anything
>other than DEFER to any customer of $LARGE_ISP$ -- except for the short
>period every hour when none of the bad email is at the front of the
>backlog queue that $LARGE_ISP$ has waiting to send you
>
>
I'm now thinking more in terms of temporilly blocking the from address
for an hour rather than the ISP. - still experimenting.
>In order to simulate quite how bad this will be, I suggest that you
>assume that $LARGE_ISP$ will typically have about one compromised
>customer per 10,000 users, but they are sending you anything up to
>5,000 times the volume of any individual customer. Given that 1% of
>$LARGE_ISP's customers send you email in any given hour you can now
>calculate how big $LARGE_ISP$ needs to be before you never hear from
>them again...
>
>
Large ISPs usually have mant servers. I doubt delaying one of these for
up to an hour would kill everything. But you raise a good point.
>
>
>>So - anyone have any thoughts on this idea? And interest? So far the
>>code to do this is really simple.
>>
>>
>
>should be simple to skip out then :)
>
>- --
>richard Richard Clayton
>
>They that can give up essential liberty to obtain a little temporary
>safety deserve neither liberty nor safety. Benjamin Franklin
>
>>
>
>
--
Marc Perkel - marc@???
Spam Filter: http://www.junkemailfilter.com
My Blog: http://marc.perkel.com
My Religion: http://www.churchofreality.org
~ "If it's real - we believe in it!" ~