A great deal of the spam we receive comes from [what appear to be] hacked boxes on DSL or cable accounts. The harnessed box does not go through its ISP's mail server but rather connects directly to us on port 25 and speaks SMTP. The broadband customer has no idea that hundreds or thousands of messages are coming through their connection, and the ISP will never know unless it gets enough complaints. Some ISPs filter all port 25 packets unless the destination is that ISP's mail server. I never liked this policy but it seems that it could get rid of a bunch of spam.
MS has discussed the notion of causing the sending server to perform a brief task (10 seconds or so) before successfully sending a message out and this should cut the amount of mail being sent out to a max of 8600 per day per computer. But with potentially hundreds of thousands of hacked boxes out there on the net, we won't see much benefit, in my view of course.
I would guesstimate that 50%+ of the spam we receive comes from consumer connections and I can only guess that they have no idea it is going on. If I could ignore all of those connections (reject them, that is) I could focus more on blackholing the major spam machines. I know there is an RBL of sorts which tracks "dial-up" or consumer IP space, but there are some babies in that bath water so it is tough to use that DB. I'd prefer to have that DB and a list of valid and verified exceptions. I don't want to have to add them in a reactive way though, so there would need to be a way for small guys running legitimate mail servers from DSL connections to register themselves. This combo and the use of other RBLs could get the spam level way down. Hopefully Bayesian and other filtering technologies can thwart much of the remaining flow and work on a much smaller load.
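A sketch of the connection-time policy described above (consumer IP space, a registered exception list, then other RBLs), added here as an example and not taken from any existing mail server. The address ranges, the zone `rbl.example.org`, and the function names are constructed for illustration, and it handles IPv4 only.

```python
import ipaddress
import socket

# Constructed sample data using documentation address ranges, not real lists.
CONSUMER_SPACE = [ipaddress.ip_network("198.51.100.0/24"),
                  ipaddress.ip_network("203.0.113.0/24")]
# Small operators who registered a legitimate mail server on a DSL line.
REGISTERED_EXCEPTIONS = [ipaddress.ip_network("203.0.113.25/32")]
OTHER_RBL_ZONES = ["rbl.example.org"]  # hypothetical zone name


def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dns_listed(name):
    """Live lookup: a DNSBL answers with an A record only for listed hosts."""
    try:
        socket.gethostbyname(name)
        return True
    except socket.gaierror:
        return False


def connect_policy(ip, listed=dns_listed):
    """Decide what to do with an inbound port 25 connection from `ip`."""
    addr = ipaddress.IPv4Address(ip)
    is_exception = any(addr in net for net in REGISTERED_EXCEPTIONS)
    if not is_exception and any(addr in net for net in CONSUMER_SPACE):
        return ("reject", "consumer address space, not registered")
    # Registered exceptions and everyone else are still checked against other RBLs.
    for zone in OTHER_RBL_ZONES:
        if listed(dnsbl_query_name(ip, zone)):
            return ("reject", "listed in " + zone)
    return ("accept", "hand to content filtering")


def sample_listed(name):
    """Constructed stand-in for DNS so the example runs offline."""
    return name in {"7.2.0.192.rbl.example.org"}
```

Checking the exception list before the consumer-space list is what keeps registration proactive: a registered DSL-hosted server never hits the reject path, yet it is still subject to the other RBLs.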
Monday, December 29