Nick FitzGerald will probably have the last word on this after the debilitating blow delivered thus by his over-achieving intellect: >> Ah, but Nick, I *DO* have omniscient access to the non-mythical IP-to-user >> mapping list -- and so do you. ... >No, we don't. >It then can post from that machine using >whichever of the addresses it chooses. >all you get in the virus' message headers >is what the first SMTP relay it >hit records in its Received: headers. >Finally, consider the subscriber to poster >(or "lurker") ratio.
I see nothing at all wrong with blaming you personally for all of the spam that originates from CLEAR Net Mail, New Zealand and ends up at FD. You are the closest person of competency to the problem. ;-) You discount the number of fixed-IP DSL and other broadband connections employed by people who are candidates to have the FD e-mail address lurking somewhere on their hard drive. That first-and-only SMTP relay hop directly to netsys.com MX 199.201.233.10 will still give the FD MTA an opportunity to do SMTP forensic logging, and all we need is the IP address to convict many FD subscribers of willful, premeditated, or negligent wormicide. You also dismiss implicitly the likelihood that the oblivious real end-user will be spewing non-spam, non-worm communications and getting themselves profiled and logged all over the place as the demonstrable temporary owner of the IP address in question during the time period of interest... Just think "doubleclick". Sincerely, Jason Coombs [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html