Alan DeKok wrote:
Jose Marcio Martins da Cruz <Jose-Marcio(_dot_)Martins(_at_)ensmp(_dot_)fr>
wrote:
If I look at our mail server who's sending spam, I can see that most of
them are doing only very few connections a day : one, two or three. Very
few gateways do more than five connections. - I'm talking about a
mailserver with some thousand users and about 50 K connections a day.
This may indicate that many spam is sent by a distributed system of
workers, and not by open relays.
I've been seeing that for ~4 years now: 100's to 1000's of machines
originating spam. Lately, though, it's been hitting 10k IP's.
Is it reasonable to consider that there isn't a limit on the number of
IP addresses on a blacklist ?
Hard drives are cheap. 2^32 is a comparitively small number nowadays.
The larger problem is that th eblacklists may well end up listing
20-50% of the IP's on the net. That's another issue, which won't be
solved by blacklists.
We may consider switching from blacklist to whitelist or "mixed list".
Mixed list:
if IP itself is listed then return its status
if IP is located in "bad neighborhood" the return "bad IP"
return "good IP"
--
Andrzej [en:Andrew] Adam Filip http://anfi.freeshell.org backup:
anfi(_at_)xl(_dot_)wp(_dot_)pl
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg