athompso at athompso.net
Mon Dec 4 13:23:46 CST 2006
Trevor Cordes wrote:
> Unless... change hte subnetmatch to /16 (or even /0??) and rely more on
> the to/from tuple. Why not? Most spams use random to/froms. Not
> ideal, but /0 would get around the braindead/pool problem while still
> providing some greylist benefit.
There's one big problem with that... botnets. Odds are excellent that
two 'bots are going to be in the same class-B (think Shaw or MTS...),
which will cause the entire ISP address space to be whitelisted. Even
/24 has this problem, but on a smaller scale. You're betting the odds,
and have to find an acceptable balance.
More information about the Roundtable