Len penned: > So I figure 10, or even 5, "unknown users" is per SMTP session is > sufficient to detect reliably that this ip is an attacker.
Five is also what Terry uses in his experimental project so I guess that, empirically, it's a good ballpark figure. > Can you imagine a valid list server sending your Imail box 5 or 10 bad > users in one SMTP session? not very realistically Not a valid list server but there are broken, legitimate, mass-mailing programs that might do so. Of course, the result is the same: blacklist them. As I see it, the operative wording is "per session". I have seen innocent human users repeatedly (>5 times) try to send to a non-existent user at some domain but obviously on separate sessions. Kind of like impatient people waiting for the elevator who keep pressing the button as if, somehow, the elevator will take notice... But this is getting off-topic, Guy To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
