Only a few ISPs - the most savvy and network-oriented (as opposed to
revenue-oriented) - seem to have any mechanism to detect and deal
with zombies.
It's very hard to deal with in any definitive way. How do you distinguish
whether outgoing mail from a normally-reputable system is really still
legitimate?
You pick up the phone, and have a brief word with your customer. If he
hasn't any idea why his box is spewing a thousand mails a minute, you
have an opportunity to deal with the problem, starting with blocking
his outgoing SMTP. If he *does* know about it, then it's his
responsibility.
This isn't just hyperbole. This is roughly how my present ISP, Demon,
says it handles excessive SMTP output. This is also how one of my
previous ISPs alerted me to an inadvertent misconfiguration of my
website, which was causing a type of DDoS on their webserver via a
stack of poorly run Squid proxies.
--------------------------------------------------------------
from: Jonathan "Chromatix" Morton
mail: chromi(_at_)chromatix(_dot_)demon(_dot_)co(_dot_)uk
website: http://www.chromatix.uklinux.net/
tagline: The key to knowledge is not to rely on people to teach you it.