mouss wrote:
Kelson wrote:
Rob Sterenborg wrote:
SM wrote:
The spam content shouldn't even be getting through as the recipient
address is invalid.
Unless you don't know who your recipients are, which may be the case
when operating a mailrelay. (I'm not saying that such situation is
optimal...)
Or unless they send to a mix of real and bogus addresses.  It could be
worth blocking them from hitting any real addresses after they've hit
a couple of spamtraps.

While some people can afford to block a large ISP, many of us can't.

So run some heuristics before deciding to block an IP. Factor in other criteria. It doesn't have to be a snap judgment on one piece of data.

We're on the SpamAssassin list, after all. The whole philosophy of SpamAssassin is to take a bunch of signs that, individually, might not be enough to make the call, but taken together can be reasonably accurate. Surely that philosophy can be extended to tactics other than message analysis.

How about...
Using it to greylist instead of blocking?
Or looking at the rDNS and trying to determine whether it looks like a mail server?
Or only blocking it if it appears on a list of dynamic IPs (assuming you're not blocking those IPs outright)?
Or whitelisting those large ISPs?
Or looking at your own recent traffic from that IP, and only blocking it if you don't see any legit traffic?
Or adding points to the SA score the next time the IP shows up instead of blocking it?

--
Kelson Vibber
SpeedGate Communications <www.speed.net>
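
The heuristics listed in the message above, combined into one per-IP decision, as an added example that is not part of the original post or of SpamAssassin. The field names, weights, thresholds and rDNS patterns are all assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Assumed patterns: hostnames that look like mail servers vs. dynamic pools.
MAILISH_RDNS = re.compile(r"^(mail|smtp|mx|mta|relay)[\w-]*\.", re.I)
DYNAMIC_RDNS = re.compile(r"dyn|dsl|dhcp|pool|cable|ppp|dial|\d+[-.]\d+[-.]\d+[-.]\d+", re.I)

BLOCK_AT, GREYLIST_AT = 5.0, 2.5  # assumed thresholds

@dataclass
class IPHistory:
    spamtrap_hits: int       # recent RCPTs to known spamtrap addresses
    legit_deliveries: int    # recent mail from this IP accepted as non-spam
    rdns: Optional[str]      # PTR name, None when the IP has no rDNS
    on_dynamic_list: bool    # listed on a dynamic-IP DNSBL
    whitelisted_isp: bool    # on the operator's large-ISP whitelist

def evaluate(h: IPHistory):
    """Return (action, points); points are meant to be added to the
    message's SA score the next time this IP shows up."""
    if h.spamtrap_hits == 0:
        return ("accept", 0.0)
    score = min(h.spamtrap_hits, 4) * 1.0   # trap hits alone never reach BLOCK_AT
    if h.rdns is None:
        score += 1.5
    elif MAILISH_RDNS.search(h.rdns):
        score -= 1.5                        # looks like a real mail server
    elif DYNAMIC_RDNS.search(h.rdns):
        score += 1.5
    if h.on_dynamic_list:
        score += 2.0
    if h.legit_deliveries > 0:
        score -= 2.0                        # we also see legit traffic from it
    points = max(score, 0.0)
    if h.whitelisted_isp:
        return ("score", points)            # never block or greylist a large ISP
    if score >= BLOCK_AT:
        return ("block", points)
    if score >= GREYLIST_AT:
        return ("greylist", points)
    return ("score", points)

# Constructed sample histories (RFC 5737 address space, example domains).
SAMPLES = {
    "bot":    IPHistory(3, 0, "host-203-0-113-7.dsl.example.net", True, False),
    "bigisp": IPHistory(3, 40, "smtp-out1.bigisp.example", False, True),
    "nordns": IPHistory(2, 0, None, False, False),
}
```
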
