Last week, I got one spam ("get a free motorola pager") which came through 168 different open relays, bound for 4428 different recipients
I just peeked in my trash folder, and 6 out of the last 10 spams that I received were sent directly from dial-up spam blowers. Certainly we can agree that there are many paths spammers will take. If rate-limiting eliminates/curbs the throwaway dial-up abusers, then surely it is an effective tool in the fight. I'm not calling a cure-all.
That's why I think that port 25 blocking is the only way. That, and closing open relays, of course.
I would say that default blocking of port 25 is a good position to take, but you can't deny that has its own problems. For one thing, the exceptions become the rule. I've noticed a trend in spam from small businesses, cable users, etc., many of whom are behind non-throwaway lines. Going to a model where "legitimate" users are unfiltered doesn't stop all spam, it only delays it at best. In this regard, rate-limiting and port-blocks are just tools in the belt, neither of them is perfect. -- Eric A. Hall http://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/