spf-discuss

Co-operative 'bulk mail' alerting

2004-08-16 04:40:59
It occurs to me that receivers with large numbers of subscribers (AOL, MSN
etc.), by caching and monitoring the source IP address of received messages for
a few minutes, can alert themselves to probable sources of spam, viruses, etc. I
think I've seen AOL say that they do this as part of their battery of anti-spam
activities.

Those of us with smaller domains cannot gain the same advantage from such an
alerting process - it needs 'scale'.

It occurs to me to form a 'club' of small-scale MTA operators. We find a way of
collating current observed activity, so that we can jointly be warned that a
host is spewing out large volumes of mail.

I don't plan any judgements about the messages, no spam vs. ham decisions, no
long-term history.

Just something very simple with, say, a 1 hour time horizon.

There may be some advantage in including in the alert details of any SPF test
results relating to the source.

This is much simpler and more lightweight than GOSSiP.

I'm not asking at this time for comments on feasibility, desirability, etc.

My one question is:  Does anyone know of anything like this that's already out
there?

Thanks

Chris Haynes
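
The pooled alerting idea in the message above, as an added sketch that is not code from the poster or from any existing service: several small MTAs report per-source-IP message counts, and a source is flagged only while its combined volume inside the one-hour window is high and comes from several independent reporters. The class name, thresholds, reporter names and sample reports are all assumptions made for the illustration.

```python
from collections import Counter, defaultdict, deque

class BulkAlertPool:
    """Pools per-source-IP volume reports from several small MTAs."""

    def __init__(self, min_messages=100, min_reporters=3, horizon=3600):
        self.min_messages = min_messages    # assumed threshold
        self.min_reporters = min_reporters  # assumed threshold
        self.horizon = horizon              # seconds; the 1 hour horizon
        self.events = defaultdict(deque)    # ip -> (ts, reporter, count, spf)

    def report(self, ts, reporter, ip, count, spf="none"):
        """Record that `reporter` saw `count` messages from `ip` at `ts`."""
        # Reports are assumed to arrive in roughly increasing ts order.
        self.events[ip].append((ts, reporter, count, spf))

    def alerts(self, now):
        """Return {ip: summary} for sources over both thresholds right now."""
        out = {}
        for ip in list(self.events):
            q = self.events[ip]
            while q and q[0][0] <= now - self.horizon:
                q.popleft()                 # no long-term history is kept
            if not q:
                del self.events[ip]
                continue
            total = sum(c for _, _, c, _ in q)
            reporters = {r for _, r, _, _ in q}
            if total < self.min_messages or len(reporters) < self.min_reporters:
                continue
            spf = Counter()
            for _, _, c, s in q:
                spf[s] += c                 # SPF results weighted by volume
            out[ip] = {"messages": total, "reporters": len(reporters),
                       "spf": dict(spf)}
        return out

def demo():
    """Feed constructed reports (documentation IP ranges) through the pool."""
    pool = BulkAlertPool()
    sample = [  # (ts, reporter, ip, count, spf), all constructed
        (0,    "mta-a", "192.0.2.10",   40,  "fail"),
        (600,  "mta-b", "192.0.2.10",   35,  "fail"),
        (900,  "mta-a", "198.51.100.7", 500, "pass"),  # seen by one member only
        (1200, "mta-c", "192.0.2.10",   30,  "none"),
    ]
    for row in sample:
        pool.report(*row)
    return pool.alerts(now=1800), pool.alerts(now=3700)
```

`demo()` returns the alert set at 30 minutes and again just past the hour, showing that the flag lapses once the oldest report ages out of the window.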