- Most "infected user" spam is designed from the very beginning to be
difficult or impossible to tell _who_ is infected.
This wouldn't be useful for bots, but I could see it for stolen
account spam. I get a surprising amount of it -- every day after I
send out the spam reports, I invariably get back several responses
from postmasters saying, sigh, another phished account. For bot spam,
you can just block all mail from the IP, but for stolen accounts, the
system is OK, and it's just the one address that's spamming.
In my experience, it's not hard to tell the difference. With stolen
accounts, the address matches the received lines, and the received
lines generally have a familiar from of a webmail or Exchange server.
R's,
John
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg