Transparent SMTP proxy intercepts all messages and maintains a running total of emails sent per source IP.
How would you handle STARTTLS?
I was thinking the same thing. Why don't we all just drop, at SMTP time, any of the following:

- Mail that contains malware[1]
- Mail that fails an SPF test
- Mail that comes from a dynamic IP block

[1] malware can be defined as executable attachments and anything matching Vipul's Razor for concealed malware (passworded zip files which contain a trojan).

Legitimate users who get caught by this will be:

- People who run their own MTAs on a dynamic IP. Bad move, guys, most of the world ignores you already anyway.
- People who post from different ISPs to their domain. You can get around this with SMTP AUTH + STARTTLS.
- People who for some reason want to post executable content via email. They'll get an SMTP rejection, perhaps with a link to a URL containing information about why.

All of these problems are easily overcome, in particular by using your ISP's MTA as a smarthost, if you don't have your own MTA elsewhere, and by ISPs implementing SMTP AUTH + STARTTLS for remote users.

Illegitimate users who will get caught by this include:

- Virus-infected machines. If they don't send via their smarthost, they don't get anywhere. If they do send via their smarthost, their smarthost drops malware anyway. The mail doesn't get anywhere.

--
Daniel Lawson
WAND Group, Computer Science Department
University of Waikato
email: daniel(a)wand.net.nz
phone: +64 7 838 4466 ext 6254
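The drop policy described in the message above, sketched as an SMTP-time decision function (an added example, not part of the original thread). The dynamic block list, extension list, info URL, helper names and the SPF result being passed in as a string are all assumptions; the Razor check is left out, and authenticated (SMTP AUTH + STARTTLS) sessions skip the IP and SPF tests as the message suggests.

```python
import ipaddress
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed values for illustration (assumptions, not from the thread).
DYNAMIC_BLOCKS = [ipaddress.ip_network("198.51.100.0/24")]
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs")
INFO_URL = "https://postmaster.example.net/rejected"

def has_executable_attachment(raw: bytes) -> bool:
    """True if any MIME part carries a filename with an executable extension."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(EXECUTABLE_EXTS):
            return True
    return False

def smtp_decision(client_ip: str, spf_result: str, authenticated: bool, raw: bytes):
    """Return (code, text) for the end-of-DATA reply."""
    if not authenticated:
        # Remote users on dynamic IPs or other ISPs are expected to authenticate.
        ip = ipaddress.ip_address(client_ip)
        if any(ip in net for net in DYNAMIC_BLOCKS):
            return 550, f"5.7.1 Dynamic IP, relay via your ISP's smarthost: {INFO_URL}"
        if spf_result == "fail":
            return 550, f"5.7.23 SPF validation failed: {INFO_URL}"
    # The malware check applies to everyone, so a smarthost drops it too.
    if has_executable_attachment(raw):
        return 550, f"5.7.1 Executable attachment refused: {INFO_URL}"
    return 250, "2.0.0 Accepted"

def make_sample(filename=None) -> bytes:
    """Build a constructed message, optionally with a dummy attachment."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.net"
    msg["Subject"] = "constructed sample"
    msg.set_content("hello")
    if filename:
        msg.add_attachment(b"\x00" * 16, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    print(smtp_decision("198.51.100.7", "pass", False, make_sample()))
    print(smtp_decision("198.51.100.7", "pass", True, make_sample("Report.PDF.EXE")))
```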