Kenneth Porter wrote: > <http://www.technologyreview.com/communications/23086/page1/>
> 1) They compare the geodesic distance of sender IP address from senders > of previous spam and from the receiver. Spam senders tend to cluster > together and be far from the recipient. > 2) They look at how many open ports are on the sender. (Few ports > indicates a bot-controlled zombie spammer.) > I'm wondering how hard it would be to implement this inside MD, perhaps > passing the result as tokens in custom headers to SpamAssassin for > scoring. In CanIt, we use geolocation to determine the country (and city, if possible) of the sending server using the data from Maxmind. We tokenize country-codes and city names. However, we don't look at the distance from the sender to the receiver. It looks like a very interesting idea! Btw, here are the top-5 spamming cities as reported by our customers: 5. Suwon, Korea 4. Odessa, Ukraine 3. Changchun, China 2. Dong, Vietnam 1. Kazan, Russia (However, more spam still originates from the United States than from any other country.) > Both operations look potentially expensive, and port-scanning > the sender means all our legitimate senders will soon see regular port > scans. Yeah, the port-scanning looks troublesome, especially if you do it in real-time. Regards, David. _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
