On Fri, Aug 23, 2013 at 07:45:59AM -0400, Barry Leiba wrote:
That said: have you done a feasibility study on this? Have you tried
putting into your inbound SMTP server, recorded the results, and
analyzed them to determine the effectiveness and false-positive rate?
Not yet, I need to have enough spam mail to test on. For the good mail
I could probably just use my mail archive.
Last I checked this (four years ago, as part of a broader survey on best
practices), I was startled by the number of zombies that listened on
port 25 and answered an EHLO response. Open relays, same problem. It
wasn't huge, but it was enough that I'd never consider using it for
The range of legit senders that split their inbound and outbound
traffic, OTOH, is enormous. Besides the Big Guys, you'd need to include
every legit ESP I know of, including most of the cloud-based filter
ietf-smtp mailing list