One area where this might cause additional problems (even for those who successfully block ALL these spams) is tarpitting settings. Basically, many servers will place the IP address of the sending server into a tarpit if that server just got finished attempting to send X number of viruses or spams within Y number of minutes or seconds. Before, if that IP address was a dynamic dial-up IP address, it didn't really matter if it was tarpitted. However, if that IP address is a major ISP's mailserver, this alone could cause other mail to get blocked.
Basically, the main purpose of tarpitting is to minimize DOS-like attacks. (Even if a DOS-attack wasn't the original intention of the malicious sender... it still can slow down a server to have to process 10,000 spams in one day from one single source.) I think that a happy medium might be to continue tarpitting, but lower the time it takes for the IP to be removed from the tarpitting list. This way, the server is protected from short intense bursts, but doesn't keep the IP listed long enough to do too much collateral damage. Any comments? Suggestions? Rob McEwen PowerView Systems
