Sun Apr 7 19:48:40 UTC 2002
------ Vernon Schryver, <200204071843.g37Ihmf1011971@calcite.rhyolite.com> writ es: I think that such systems cannot be made to work except in very restricted situations when only a very few people are allowed to report mail spam. When you have more than a very few reporters, you cannot be sure that none of them will make any mistakes and accidentally report good mail such as a CERT advisory. I've doubts about even one reporter being sufficiently reliable, but maybe that's because I make too many mistakes. These statements are truer more and more. I wrote a very simple tool which took the spam we collected, found the originating machine (previous hop from our inbound servers) and looked for multiple occurences. We always blocked after spam #2. We had to make this more manual and less automated when we kept blocking aol.com, earthlink.net and yahoo.com on a weekly basis.
More information about the DCC