>It seems to me that greylisting and TCP tarpitting catch both sides of the >problem. Greylisting blocks junk from the single-attempt zombies, and TCP >tarpitting will catch the ones who are persistent offenders.
Maybe, probably not. Modern MTAs, even the ones that are not spambots, can run hundreds or thousands of connections in parallel. I very much doubt that you can tarpit enough of them to matter.