.. and if it has been tried, have you noticed any issues with this? Please consider the situation of net abuse with the source address being an infected PCs on a dialup pool that has port 25 filtering enabled. This sequence below is summarized from a post by an ISP admin on another list that I read. 1) SYN - Worm emails / spam goes out from another provider, with the source address spoofed to be the IP of a trojaned PC 2) ACK - Receiving network sends an ACK back to the forged source IP, and the trojan on that IP proxies this back to the actual spam source. 3) SYNACK - sent by the actual spam source to your network. Applying port 25 filters both ways (inbound and outbound to your dialup pool, instead of just outbound port 25 filtering) would help in such a situation. So, a quick poll .. how many ISPs here have noticed this behavior, and applied bidirectional filters? And if they've applied port 25 filters bidirectionally, have they noticed any problems with this setup? This ISP's post is only the second I've seen noting such behavior in a few months, the first being a nanog post in Aug 2004 by Hank Nussbacher - http://www.cctec.com/maillists/nanog/current/msg03171.html Two posts about this in several months - but still, enough of a trend for me to wonder how widespread this behavior is. --srs -- Suresh Ramasubramanian (ops.lists@gmail.com)