How would you do that? Just state "IP xxxxx is a dynamic"?
First, I am not just focused on the Spam issue. Important though
that is, I think we have to look to the general problem of trojaned
machines, hackers etc.
In my proposal I considered the following issues:
1) Is the IP address pooled, semi-static or entirely static?
This is very important when dealing with a hacker. A DHCP address
like my cable and DSL connections is static for weeks or months
at a time.
2) The bandwidth available to the port.
This does not need to be more than an order of magnitude. If I am
getting 1Mb/sec of data from an IP port listed as a 28.8K
dialup I should probably consider the possibility of spoofing.
3) Is the port connected to the PSTN or other network gateway?
An attack from a residential cable connection is almost
certainly going to be a trojan. An attack from a dialup
is more likely to connect to the perpetrator.
4) What is the accountability relationship?
In the case of an enterprise that is managing their machines
directly we have a direct accountability relationship. In many
other cases such as an ISP or a university the relationship is
indirect.
5) Is the address meant to be in service?
6) How to make contact in case of a security incident?