Scott, One of the protocols we're developing for SortMonster includes a waiting period for messages from untrusted/unknown servers. The idea is that if the message or it's source are producing malware or other unwanted content then a delay would give detection systems and filters a chance to adapt.
It seems like it might be possible for Declude to implement a tool like this without a huge effort. Please correct me if I'm wrong. The protocol is simple. Maintain a hash table of previous mail sources. When a message arrives which is not in the table, move it to a delayed processing queue. After a user defined period of time (from a few hours to a few days) the messages in the delayed processing queue are processed as if they had just been recieved. In theory, messages from a spammer moving to a new domain, ip, or routing would be delayed by this protocal. By the time their messages were processed the ip4dns lists, content filters, and other tests would have adapted to their new configuration so their message would be blocked. Any legitimate content would be untouched with the exception of a delay on the first message. Sources for messages that do get blocked for any reason are removed from the "known/trusted" list so that their content continues to be delayed. A more sophisitcated implementation would adjust the delay based on the circumstances. This protocol is intended to adapt to spammer's increasing practice of rapidly moving to new domains in order to take advantage of the delay in ip4dns list detection. Is this something that would be desired/possible/practical for Declude to implement? Thanks, _M Pete Mcneil (Madscientist) President, MicroNeil Research Corporation Chief SortMonster (www.sortmonster.com) --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
