I am so new to SA that I haven't even installed it yet. However, I consider myself a "user expert" at receiving, reviewing and reporting SPAM; I am not, however, a network expert at tracking it. But I do believe this.
I have reviewed the SA documentation and have reviewed the docs of many other tools as well. I believe a lot of wasted effort is expended on tracking where SPAM came from and not where it is going, i.e. they say the way to solve a mystery is to trudge through the spin doctors and lies and simply "follow the money". If I could find some SPAM-killing software that has a routine to scan the body text for URLs and trash anything with a URL pointing to China, South America, Korea, Pakistan, Ukraine, etc., almost all my SPAM would be eliminated. Can a routine be created to read the table that identifies IP address ranges and the owning domain body (ARIN, APNIC, LANIC, etc.) and be used to quickly flag SPAM like this? Why has no one jumped on this? What am I missing?

Don
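
The routine asked about above, sketched as an added example that is not part of the original post and is not SpamAssassin code: it pulls URLs out of a message body, resolves each host, and looks the address up in a range-to-registry table. The table, the DNS answers, the blocked set and all function names are constructed for illustration; documentation prefixes stand in for real registry allocations.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample table: RFC 5737 documentation prefixes stand in for real
# allocations; a real filter would load the registries' published delegations.
RIR_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "ARIN"),
    (ipaddress.ip_network("198.51.100.0/24"), "APNIC"),
    (ipaddress.ip_network("203.0.113.0/24"), "LACNIC"),
]

# Constructed stand-in for DNS so the example runs offline.
SAMPLE_DNS = {
    "shop.example.net": "198.51.100.25",
    "news.example.org": "192.0.2.10",
}

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def registry_for(ip_text):
    """Return the registry whose range contains ip_text, or None."""
    ip = ipaddress.ip_address(ip_text)
    for network, registry in RIR_TABLE:
        if ip in network:
            return registry
    return None

def url_registries(body, resolve=SAMPLE_DNS.get):
    """Map each URL host in body to (ip, registry); unresolved hosts give (None, None)."""
    results = {}
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        if not host or host in results:
            continue
        try:
            ip_text = str(ipaddress.ip_address(host))  # URL with a literal IP
        except ValueError:
            ip_text = resolve(host)  # hostname: ask the (sample) resolver
        results[host] = (ip_text, registry_for(ip_text) if ip_text else None)
    return results

def is_flagged(body, blocked=frozenset({"APNIC", "LACNIC"}), resolve=SAMPLE_DNS.get):
    """True when any URL in body resolves into a blocked registry's range."""
    return any(reg in blocked for _, reg in url_registries(body, resolve).values())
```

The registry only says which body allocated the address block, not where the server or its operator actually is, so a filter built this way is better used as a weighted score than as an outright discard.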
