Marc Perkel wrote:
> I'm trying out a new idea for blacklisting hosts. I have several email
> servers for processing spam. These servers service my lowered numbered
> MX records. I also have several dummy mx records that are higher
> numbered than my real servers. So in theory no one should ever hit the
> higher numbered servers. Especially when the IP addresses are on the
> same server as the lower numbered MX.
>
> But as most of you know spammers don't play by the rules and they try
> hitting the higher MX records first thinking there's less spam filtering
> there. So what I'm doing is counting hits by IP address. At the moment
> they have to hit it 75 times to get blacklisted. And it's all spammers
> and spam bots.
>
> Who thinks this is interesting?


When it works I think it will work great. That is what you are seeing
right now while setting this up and monitoring it. In this time it is
hard to imagine it not working right. I expect you to have great
statistics from it.

However the real problem is handling problems in the automated system
when things do not work right. It is handling 100% of the time all of
the problem cases that might arise. But thinking about problems and
simulating problems is hard. The real world is very much more
inventive and tireless in producing unexpected corner cases. Even if
statistically the occurrence is very low these things can cause severe
distress to us and so we are going to be very cautious of this type of
approach.

Bob