>As for greylisted IP's resending, we are beginning to see a >significant increase in the number of infected/trojaned subscriber >hosts resending.
I haven't seen this. >Enough so that we have moved greylisting a few notches lower in our >testing order. I always run greylising high. >Anyone care to share the domains that you SAV? We have kept our >pretty short thus far (hotmail.com and a couple of common national >ISPs) but I have been thinking we might get more bang for our buck >if we expanded ours. Rather than guess which @sender.domains are most frequently forged, another approach is to SAV: 1) all IPs w/o PTR 2) all IPs with a subscriber access PTR. 3 all IPs with a "foregin" TLD Len
