here's a paper on 'greylisting', which is a slightly sophisticated variant of the first-time denysoft plugin.
the basic addition is that it takes the sender and recipient into account. i guess this would solve the problem of a spammer hitting multiple addresses from a single ip. http://projects.puremagic.com/greylisting/ jim
