Here's a paper on 'greylisting', which is a slightly sophisticated variant of the first-time denysoft plugin.
The basic addition is that it takes the sender and recipient into account. I guess this would solve the problem of a spammer hitting multiple addresses from a single IP.
http://projects.puremagic.com/greylisting/
It would also make the resulting database rather huge, would it not?
I'd estimate the db would very quickly grow to the billions of rows level (for us - maybe not for smaller email providers).
Matt.
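Added example, not part of the thread or of the linked paper: a small model of the two points raised above, comparing a first-time deny keyed on the client IP alone with one keyed on (IP, sender, recipient), and counting the rows each keeps. The class and function names, the 300-second delay, the IP-only keying of the first-time deny and the sample addresses are all assumptions made for illustration.

```python
# Added illustration. Names are hypothetical; an in-memory dict stands in
# for the database discussed in the thread.
MIN_DELAY = 300  # assumed: seconds a new key must wait before a retry is accepted


class FirstSeenStore:
    """Defer the first attempt for a key; accept retries made after MIN_DELAY."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.first_seen = {}  # key -> timestamp of the first attempt (one "row" each)

    def check(self, ip, sender, rcpt, now):
        key = self.key_fn(ip, sender, rcpt)
        seen = self.first_seen.setdefault(key, now)
        return "accept" if now - seen >= MIN_DELAY else "defer"


def by_ip(ip, sender, rcpt):
    # Assumed behaviour of a first-time deny: only the client IP is remembered.
    return ip


def by_triplet(ip, sender, rcpt):
    # Greylisting as described above: sender and recipient are part of the key.
    return (ip, sender, rcpt)


# Constructed sample: one client retries its first message, then moves on
# to other recipients from the same IP.
ATTEMPTS = [
    ("192.0.2.10", "a@sender.example", "user1@example.org", 0),
    ("192.0.2.10", "a@sender.example", "user1@example.org", 400),  # retry
    ("192.0.2.10", "a@sender.example", "user2@example.org", 401),
    ("192.0.2.10", "a@sender.example", "user3@example.org", 402),
]


def simulate(key_fn, attempts=ATTEMPTS):
    """Return (decision per attempt, number of rows stored)."""
    store = FirstSeenStore(key_fn)
    decisions = [store.check(*a) for a in attempts]
    return decisions, len(store.first_seen)


if __name__ == "__main__":
    print("ip only :", simulate(by_ip))
    print("triplet :", simulate(by_triplet))
```

With the IP-only key, one successful retry opens the door for every later recipient and costs one row; with the triplet key each new recipient is deferred again, and the store grows by one row per distinct triplet.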
