But isn't it a _good_ practice to make an attempt (everything these days seems 80-20 rule) to block dynamic Ips from sending direct-to-mx?
Yes -- it is. But the problem is identifying those IPs; it's nearly impossible. Many people have tried, but everyone that does always comes up with lots of static IPs (typically because the reverse DNS entries for them look the same as those for dynamic IPs), and no way for the static IP owners to get removed. For example, many ISPs might have 192.0.2.1 through 192.0.2.127 dynamic, and 192.0.2.128 through 192.0.2.254 static, but have reverse DNS entries of "192-0-2-XXX.my_isp.com" for all of them. How do you know which are which?
It seems that this is such a common problem, not only with spam, but viruses, that to force a dynamic user to auth to something, or send through a specific relay server (that can filter) is 110% legit.
Correct. The problem is accurately identifying those dynamic IPs. Some people start off good, blocking real dynamic IPs -- but often the test works pretty well (catching a fair amount of spam, with 0 false positives!), so they start exploring other IP ranges, and *bam* they start blocking legitimate mail, too.
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
