Was watching the Spam Conf. webcast at http://spamconference.org/ and there was by Bill Yerazunis entitled "Beyond 99.9% accuracy", and one idea that he mentioned using information such as evidence of dictionary attacks, or messages sent to a mail "land mine" (honey pot) as way of improving on the accuracy of spam determingation.
Although not discussed directly, it seemed like this idea could be combined with grey listing. The idea would be to hold off acceptance from an IP/user that hadn't been previously recorded/validated long enough to give time for additional mail to come in via either a honeypot, or to determine that a dictionary attack is underway. Once it was determined that the IP is being used to send spam, it could be black listed, so that a subsequent attempt would be denied. A couple of complications with this proposal: (1) since spammers are increasingly using zombies running on unsuspecting DSL/dialup users' PC's, it is quite possible for the spammer to fan out over several of these intermediate PC's to make it difficult to single out one IP as an offender. _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
