On Tue, Apr 01, 2003 at 04:43:57PM +0100, Matt Sergeant wrote: > I didn't invent this idea - lots of people have suggested it before now. > It's just dead easy to implement in qpsmtpd... The theory is that spammers > don't queue - they fire and forget. The only system that would queue is an > open relay, and those seem to be few and far between these days.
I'm dubious about the utility of this scheme, given that it only works with direct-to-MX spammers, who tend to originate from negligent ISPs and hence would exhibit a fair degree of address locality. You could improve it some by aging out entries in the table, but at the expense of ongoing delays in legitimate mail. In terms of maximizing true-positives, this might work a bit better hashed on the MAIL FROM value, which in spam tend to be either entirely random usernames on the front of a webmail provider, or one-shot addresses. However, it'd make trouble with VERPs, BTSes, etc. -- Devin \ aqua(at)devin.com, 1024D/E9ABFCD2; http://www.devin.com Carraway \ IRC: Requiem GCS/CC/L s-:--- !a !tv C++++$ ULB+++$ O+@ P L+++
