on 5/9/2012 9:59 AM Les Mikesell spake the following:
> On Wed, May 9, 2012 at 11:07 AM, Bob Hoffman <bob at bobhoffman.com> wrote:
>>
>> I am starting to see a real pattern to all this.
>>
>> I would love to see someone do a case study on spam attacks. Their
>> system seems well honed to scale up with your defenses until they
>> finally have to 'appear' on their real computers like the ovh.net
>> servers, and many more hosts,
>
> I think you are over-analyzing. The senders are distributed and shift
> around whether you do anything defensive or not, and if you have ever
> accepted an address, even years ago with a system like qmail that
> accepted without checking anything, then tried to bounce bad
> addresses, those addresses will be on some lists that are re-tried
> forever no matter how many times you reject them now. I haven't
> watched this for a while but I used to be surprised that even though
> the senders were spread over hundreds of IPs, the overall rate seemed
> to be centrally controlled and in what would look like a dictionary
> attack the list seemed to be sorted, at least in big chunks, across
> the senders.
>
I would turn that address into a spamtrap and use it to reject on your other servers...