ietf-asrg
Re: [Asrg] Spam detection system proposal

2003-03-05 09:13:40
On Wed, 5 Mar 2003, Chris Lewis wrote:

> The question is associating the messages to get your counts.

No, you just associate IP address to count.  You can't possibly
associate to the message, because failed RCPT TO: commands never
get to the DATA phase.

> A spammer merely needs to have a big set of open proxies/relays and
> seriously randomize froms, and you can no longer generate counts of
> anything because you can't associate report "a" with report "b".

It is quite expensive to gather a large set of open relays.  If you're
sending out 500K messages, and you want to limit it to 1,000
messages/IP, you need to find 500 open relays.

Also, a lot of spammers are pretty unsophisticated and send from DSL
or cable-modem lines.  This scheme would get them pretty fast.

> Based on IPs and Froms, it'd be no better, and considerably worse
> once the spammers notice and evolve.

We need experiments to tell for sure.

--
David.
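
An added example, not part of the original message: a per-IP count of rejected RCPT TO commands over a sliding window, the association the reply describes. The log format, the window, the threshold and the addresses are constructed assumptions; the message specifies none of them.

```python
import re
from collections import defaultdict, deque

# Constructed log format (not any real MTA's): "<epoch> <client-ip> RCPT <reply-code>"
LINE = re.compile(r"^(\d+) (\S+) RCPT (\d{3})$")

# Constructed sample, in time order, using documentation address ranges.
SAMPLE_LOG = """
1000 192.0.2.10 RCPT 550
1010 192.0.2.10 RCPT 550
1015 198.51.100.7 RCPT 250
1020 192.0.2.10 RCPT 250
1030 192.0.2.10 RCPT 550
1040 198.51.100.7 RCPT 550
5000 198.51.100.7 RCPT 550
9000 198.51.100.7 RCPT 550
"""

def flag_ips(lines, window=3600, threshold=3):
    """Map each client IP to the first epoch at which it reached `threshold`
    rejected RCPT TO commands (5xx replies) within `window` seconds.
    Only the connecting IP is needed: a rejected RCPT never reaches DATA,
    so there is no message content to correlate on."""
    recent = defaultdict(deque)  # ip -> timestamps of rejections still in window
    flagged = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # blank or unparseable line
        ts, ip, code = int(m.group(1)), m.group(2), m.group(3)
        if not code.startswith("5"):
            continue  # accepted recipients do not count
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:
            q.popleft()  # expire rejections older than the window
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, ts in flag_ips(SAMPLE_LOG.splitlines()).items():
        print(f"{ip} reached the rejection threshold at t={ts}")
```

In the sample, 198.51.100.7 also collects three rejections but spaced more than a window apart, so it is never flagged; the choice of window and threshold decides how slow a sender must be to stay under the count.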