what I meant. I am not talking about an ISP filter words. What I mean is it wouldn't take a rocket scientist to know which ISP companies are allowing spammers
example, from one MX for 24 hours yesterday, the qty of SMTP session per domain.tld:
use the lines I've marked "legit", then consider the size of their legit user ans how many connections AOL made to the server, then compare with the SMTP sessions from the network operator domains who all have comparatively minuscule users vs AOL, and you see the magnitude of the "subscriber network" problem:
Host/Domain Summary: SMTPD Connections (top 60)
connections time conn. avg./conn. max. time host/domain
----------- ---------- ---------- --------- -----------
10691 10:38:05 4s 142s comcast.net
6861 6:07:02 3s 140s rr.com
6696 4:18:23 2s 123s aol.com < assume legit
6027 9:14:21 6s 1055s pacbell.net
5979 1:01:21 1s 52s yahoo.com < assume legit
5608 0:03:05 0s 5s usd232.org
4765 6:06:33 5s 323s ameritech.net
4525 8:25:04 7s 24s acernautic.com
4240 6:22:56 5s 2142s charter.com
4131 3:31:03 3s 231s verizon.net
3294 1:04:06 1s 108s bellsouth.net
2934 0:17:53 0s 4s outpeake.com
2803 4:07:12 5s 218s dsl-verizon.net
2695 0:27:39 1s 45s hotmail.com < assume legit
2630 2:42:35 4s 153s swbell.net
2581 0:13:30 0s 16s charter.net
2577 0:17:17 0s 7s rts.edu
2389 2:27:38 4s 83s attbi.com
2341 5:50:10 9s 162s auna.net
2268 4:54:39 8s 90s blueyonder.co.uk
2203 0:15:11 0s 15s earthlink.net < assume legit
2159 0:11:32 0s 3s nobleguild.com
1990 3:47:18 7s 63s proxad.net
1945 1:57:30 4s 477s mindspring.com
1889 2:11:46 4s 77s bbtec.net
1854 4:00:26 8s 12s asandox.com
1778 1:56:45 4s 63s shawcable.net
1718 1:55:35 4s 96s adelphia.net
1656 7:16:50 16s 192s rima-tde.net
1575 0:05:37 0s 3s ihomefinder.com
1535 4:14:14 10s 191s t-dialin.net
1475 2:29:50 6s 144s whambambrands.com
1408 2:48:31 7s 131s virtua.com.br
1367 0:18:39 1s 4s tendermist.com
1308 3:39:28 10s 70s anteon.com
1274 0:10:53 1s 16s blackberry.net
1181 3:31:50 11s 108s telesp.net.br
1164 1:51:45 6s 12s dartmail.net
1070 2:21:06 8s 19s bevivek.com
1057 0:07:11 0s 11s bocanetworkservices.com
1044 0:09:59 1s 15s ohthatsfunny.com
1031 1:01:13 4s 1039s cox.net
1019 3:30:33 12s 151s ono.com
974 2:03:36 8s 65s hinet.net
967 1:48:17 7s 17s golfshore.com
956 1:56:39 7s 13s havagreatday.com
948 0:04:38 0s 6s blue-mx07.net
912 1:29:20 6s 70s rogers.com
899 1:36:50 6s 51s villner.com
870 0:37:52 3s 47s qwest.net
862 2:02:49 9s 69s hkcable.com.hk
836 0:46:58 3s 32s charter-stl.com
833 1:07:00 5s 51s ocn.ne.jp
785 1:11:49 5s 1428s covad.net
754 1:12:05 6s 9s m0.net
743 0:03:01 0s 4s hotqualitydeals.com
730 0:59:43 5s 70s charterpipeline.net
727 0:12:53 1s 12s elementum-inc.com90% of the above is abuse
and it wouldn't be that hard for them to monitor it and put a stop to the true spammers.
hard or not, the above have been spewing for years, so expect them to continue spewing and NOT blocking port 25 access from the above networks.
I've looked at this activity by looking at the PTR domains of IP that get greylisted (non-MTAs that don't retry even once). Exactly the same networks.
It would only require a few samples per IP that is mass mailing. Easy to detect which IP's are mass mailing.
You really have no idea. The above network operators have many 1000's of IPs spewing 24x7.
Len
_____________________________________________________________________ http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
