Indeed - with that many connections from that few unique IPs the numbers suggest it was all or primarily spam.

The email attempts needed to be accepted and examined, not just rejected out of hand, otherwise the fact that someone/something connected to your mail server and made a delivery attempt is utterly irrelevant.

It's a problem of course, since the premise of the article is valid, but the numbers provided as "proof" are misleading.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/685/2385#2385