23 Oct
2013
23 Oct
'13
6:32 a.m.
On 10/22/2013 10:27 PM, Robin wrote:
On 10/22/2013 3:22 PM, Noel Butler wrote:
But I agree with you on the rest, since of those 500K IP's Marc claims to have I'd bet that 99% are hijacked innocent pc's/servers, and of them, >75% would likely be a one time usage.
This accords with our own statistics. While it IS tempting to treat every IP# that "spams" or hits you with a port-scan as something worthy of blackholing, the reality is that the vast majority of the attempts are from "innocent" victim hosts.
Now, there's little doubt that MOST of these are not legitimate MTA endpoints, and so "shouldn't" be issuing email directly to your MX hosts. SPF + OpenDKIM are great...
The OP is discussing possibly blocking *IMAP* connections, not SMTP.
-- Stan