For the reason you stated, "much to the chagrin of receivers". Easier to sell a service to customers downstream if it's being done in the network, without MX changing. Frank -----Original Message----- From: Ken Simpson [mailto:ksimpson@mailchannels.com] Sent: Tuesday, June 24, 2008 8:38 AM To: frnkblk@iname.com Cc: 'Christopher Morrow'; nanog@nanog.org Subject: Re: Cloud service [was: RE: EC2 and GAE means end of ip address reputation industry? (Re: Intrustion attempts from Amazon EC2 IPs)]
Source IP blocking makes up a large portion of today's spam arrest approach, so we shouldn't discount the CPU benefits of that approach too quickly.
I'm not sure where today's technology is in regards for caching the first 1 to 10kB of a session....once enough information is garnered to block, issue TCP RSETs. If it's good, free the contents of the cache.
What's your interest in mopping up spam in the middle of the network? Usually spam is viewed as a leaf-node problem (much to the chagrin of receivers, actually). Regards, Ken -- Ken Simpson CEO MailChannels - Reliable Email Delivery http://mailchannels.com 604 685 7488 tel