Hi Mike,
At 08:50 13-06-2007, Mike Kenny wrote:
>we weren't sending anything. We are an ISP providing email services
>to a large number of users in South Africa. Some of these users may have:
>mis-remembered an email
>mis-typed an email
>sent to an acquaintance who had changed email provide (maybe because
>they weren't receiving their emails :-)
>responded to a forged spam

The above should not cause a block unless you don't send a lot of
"valid" mail to the provider.

>been abusing our system

As you are an ISP and you are servicing an area which has a lot of
lawyers, the amount of abuse can be significant. I assume that you
have taken measures to detect and keep that type of email to a minimum.

>but the possibilities cover a lot of ground. I have had a further
>communication from netzero asking that I check for email addresses
>that look unlikely. I am doing this, but apart from the fact that
>many of the large ISPs provide emails that look unlikely due to the
>appending of digits, we have over 10 official languages here and an
>address that looks unlikely in English may make perfect sense in
>Zulu or Xhosa.

It's difficult to check for email addresses that look unlikely. As
you said above, people may read the local-part of the email address
differently if they are using a language which is not
English. Consecutive digits may look like a dictionary attack and
trigger alerts at the receiver's end. A traffic analysis should give
you a better picture of what's going on.