Jeremy Kister wrote: [... giant snip ...] We are a former user of SORBS. Our issue was not that of dynamic IPs, but rather their spamtrap listings. A few weeks ago, at least two of Comcast's legitimate mail servers was blacklisted. As Comcast has a majority of the cable service in our area, we have a lot of users that use Comcast as their ISP. Needless to say, listing several of Comcast's prominent mail servers caused our mailers to reject the mail with the SORBS bounce reply. We have since ceased using SORBS and cured the Comcast problem, as well as a couple of other unrelated (and previously unreported) problems. But I have/had a considerable degree of respect for SORBS, and as part of our abuse department, I dutifully report all of our reported spam deliveries to SpamCop. When SpamCop does it's analysis and notes that the spam in question was listed in SORBS, I now cringe. It would have been blocked. So currently I'm considering asking for partial zone transfers of some of their blocks (our mailer doesn't discriminate against the DNS return address being 127.0.0.x or 127.0.0.y, a hit is a hit) and omitting at least the 'spamtrap' portion (for the same reason we don't use SpamCop directly -- the knee-jerk false positives outweigh the real hits to upset a considerable portion of our user base). From the opposite standpoint in acting on spam that originates in our domain, everything to date has been a compromised machine and/or virus. If SpamCop lists our registered mailers, I can at least respond from the abuse address that the problem has been corrected and there are no further interruptions in our mail service. I can only imagine the problems if you end up blacklisted by SORBS if their response time and effort is really this low for cleaning up their lists. While the big ISPs may not act immediately (or at all) on compromised hosts with trojan proxies, we do keep a tight lid on it (and block SMTP from end-users at egress, but that is another discussion). Jeff