What surprises me is that law enforcement agencies haven't gone after perhaps a few dozen compromised servers, run a packet sniffer, and checked to see what IP(s) are controlling the compromised servers.
The reason is probably because these machines are generally hijacked from countries where you would have a real hard time serving the IP owners with papers. When I moved to scanning on multiple hops, my SBL hits increased by about 33%, probably because of zombies being controlled from such space and where the zombie is simply relaying instead of being directly hacked (therefore exposing the previous hops). Just guessing of course.
Matt
--
===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
