Satya's blog - The spam problem

Filters are fine and all, but they still put the processing burden on the receiver.

How about rate-limiting connections from unknown servers? Let's say you are big.isp.com. You know about smtp.other.isp and smtp.foo.com, so you allow them to connect at will.

Now zombie.any.com connects. You've never seen this one before. You could graylist -- a technique where you send a "busy, try later" message to any server that you've never seen before. Spam servers rarely try later. Legit mail could get delayed.

Or you could rate-limit connections. Some connecting servers would get no limit at all -- trusted servers. Some would get a small limit that might even be traffic or time dependent. Unknown servers would get a larger limit. Thus connecting servers could only inject messages at a throttled rate -- no spewage. The downside is that you'd have to hold connections open longer, occupying resources.

You could use a combination of the two.

SPF records could help cut down on zombie mailers, but they haven't gained wide acceptance yet. I can't decide whether to support SPF so that it takes off, or not support it because it hasn't taken off.