14 Jan
2007
14 Jan
'07
7:43 p.m.
On Sun, 14 Jan 2007, Tony Finch wrote:
I would expect the lists of compromised hosts to be fairly effective - open proxies of various kinds and perhaps botnet hosts. As for SMTP the blacklists would only be a starting point that either provide a cheap preliminary check or feed a more sophisticated filtering system.
If you allow anonymous, unauthenticated access to any system it will be abused. Auctions, blogs, chat, mail, phone, etc. IP addresses have never been good authenticators for applications. Sending confirmation E-mail addresses aren't that much better. And blacklists will just continue to grow longer. How do you know your user?