On Thu, 15 Feb 2007 19:02:12 CST, Gadi Evron said:
Many of them are SMTP-based only. IP reputation is very limited still.
Now, all that said, back on "most are broadband users" - no longer true. Many bots (especially in spam) are now web servers.
I'm willing to bet that most are *still* broadband users. Quite likely, even if 100% (yes, *every single last one*) of the "web servers" out there were botted, that would likely still be less systems than if only 5% of end-user systems were botted. Just a little while back, Vint Cerf guesstimated that there's 140 million botted end user boxes. Unless 100% of Google's servers are botted, there's no way there's that many botted servers. :) And the fact that web servers are getting botted is just the cycle of reincarnation - it wasn't that long ago that .edu's had a reputation of getting pwned for the exact same reasons that webservers are targets now: easy to attack, and usually lots of bang-for-buck in pipe size and similar.