Alan DeKok wrote:
Jose Marcio Martins da Cruz <Jose-Marcio(_dot_)Martins(_at_)ensmp(_dot_)fr>
If I look at our mail server who's sending spam, I can see that most of
them are doing only very few connections a day: one, two or three. Very
few gateways do more than five connections. - I'm talking about a
mailserver with some thousand users and about 50 K connections a day.
This may indicate that much spam is sent by a distributed system of
workers, and not by open relays.
I've been seeing that for ~4 years now: 100's to 1000's of machines
originating spam. Lately, though, it's been hitting 10k IP's.
Is it reasonable to consider that there isn't a limit on the number of
IP addresses on a blacklist?
Hard drives are cheap. 2^32 is a comparatively small number nowadays.
The larger problem is that the blacklists may well end up listing
20-50% of the IP's on the net. That's another issue, which won't be
solved by blacklists.
We may consider switching from blacklist to whitelist or "mixed list".
    if IP itself is listed then return its status
    if IP is located in "bad neighborhood" then return "bad IP"
    return "good IP"
Andrzej [en:Andrew] Adam Filip http://anfi.freeshell.org backup:
Asrg mailing list
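
The "mixed list" lookup order sketched in the last message, written out as an added Python example (not code from the thread). The function name classify, the two data structures and the sample entries (documentation address ranges) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data using documentation ranges, not real listings.
# Per-address entries carry an explicit status and can be either verdict,
# which is what lets one host be whitelisted inside a bad range.
LISTED = {
    ipaddress.ip_address("192.0.2.10"): "bad IP",      # listed individually
    ipaddress.ip_address("198.51.100.25"): "good IP",  # exception in a bad range
}

# "Bad neighborhoods" are whole prefixes, so one entry covers many hosts.
BAD_NEIGHBORHOODS = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8:bad::/48"),
]


def classify(addr, listed=LISTED, bad_neighborhoods=BAD_NEIGHBORHOODS):
    """Return the status of addr using the three-step order from the post."""
    ip = ipaddress.ip_address(addr)

    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is the same host as the
    # IPv4 address, so normalise it before any lookup to avoid a bypass.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped

    # 1. The IP itself is listed: its own status wins over everything else.
    if ip in listed:
        return listed[ip]

    # 2. The IP sits inside a listed prefix. Membership tests between an
    #    IPv4 address and an IPv6 network are simply False.
    if any(ip in net for net in bad_neighborhoods):
        return "bad IP"

    # 3. Default verdict.
    return "good IP"


if __name__ == "__main__":
    for sample in ("192.0.2.10", "198.51.100.25", "198.51.100.77",
                   "203.0.113.5", "::ffff:198.51.100.77"):
        print(sample, "->", classify(sample))
```

Because the per-address table is consulted first, the prefix list can stay coarse while individual exceptions stay cheap to add or remove.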