Jeff Kell wrote:
If we could somehow blackhole *only* SMTP inbound, that would be ideal, but I feel that blackholing all IP from/to those sites would be far too much collateral damage.
That's where the problem lies. We consider it inconvenient. Too often do we not take action because it would cause collateral damage. How many ISPs only warn their customers about worm/virus infection versus suspending the account until it is fixed? In the case of open proxies, the most highlighted damage is the sending of spam. However, these boxes can perform any server a hacker would like. To make it even nicer, there are dnsbl's out there to provide you a list of boxes that you can use to anonymize with. May not work with port 25, but how about port 80, 23, 21, 110, etc? The risk is real. We just choose to ignore it. It will come back to haunt us. Forget port 25 blocks. zap the whole IP. -Jack