Trevor Cordes wrote:
Unless... change the subnetmatch to /16 (or even /0??) and rely more on the to/from tuple. Why not? Most spams use random to/froms. Not ideal, but /0 would get around the braindead/pool problem while still providing some greylist benefit.
There's one big problem with that... botnets. Odds are excellent that two 'bots are going to be in the same class-B (think Shaw or MTS...), which will cause the entire ISP address space to be whitelisted. Even /24 has this problem, but on a smaller scale. You're betting the odds, and have to find an acceptable balance.

-Adam
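The trade-off discussed in this thread, as an added sketch (not code from either poster or from any particular greylisting package): a triplet greylist whose client-address component is masked to a configurable prefix length, replayed over constructed attempts. The class and function names, the 300-second delay, and the sample addresses and mailboxes are all assumptions made for illustration.

```python
import ipaddress

class Greylist:
    """Triplet greylist keyed on (client network, envelope sender, recipient)."""

    def __init__(self, prefix_len, min_delay=300):
        self.prefix_len = prefix_len  # 32 = exact IP, 24, 16, or 0 = ignore the IP
        self.min_delay = min_delay    # seconds before a retry is accepted (assumed)
        self.first_seen = {}          # triplet key -> time of first attempt

    def key(self, client_ip, mail_from, rcpt_to):
        # Mask the client address down to the configured prefix length.
        net = ipaddress.ip_network(f"{client_ip}/{self.prefix_len}", strict=False)
        return (str(net), mail_from.lower(), rcpt_to.lower())

    def check(self, client_ip, mail_from, rcpt_to, now):
        first = self.first_seen.setdefault(self.key(client_ip, mail_from, rcpt_to), now)
        return "accept" if now - first >= self.min_delay else "defer"

# Constructed sample attempts: (client IP, MAIL FROM, RCPT TO, seconds since start).
ATTEMPTS = [
    ("10.20.1.10", "news@example.org", "user@example.net", 0),     # first try
    ("10.20.9.77", "news@example.org", "user@example.net", 600),   # same /16, other /24
    ("10.20.200.5", "x9f2@example.com", "user@example.net", 900),  # same /16, new sender
    ("172.16.5.5", "news@example.org", "user@example.net", 1200),  # other /16, same pair
]

def replay(prefix_len, attempts=ATTEMPTS):
    """Return the greylist decision for each attempt at the given prefix length."""
    gl = Greylist(prefix_len)
    return [gl.check(ip, frm, to, t) for ip, frm, to, t in attempts]

if __name__ == "__main__":
    for plen in (24, 16, 0):
        print(f"/{plen}: {replay(plen)}")
```

The greylist has no way to tell whether the second attempt is a pool retry or an unrelated host in the same network; the prefix length only sets how far apart two clients may be and still share a triplet.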