Slashdot Mirror


User: InvisiBill

InvisiBill's activity in the archive.

Stories: 0 · Comments: 255

Comments · 255

  1. Re:Nothing at all to do with Joe Jobs on Name and Shame Spam Senders With OpenBSD · · Score: 1

    He's generating a list of spamtrap addresses, based on his server logs of the unknown addresses in his own domain. If your address isn't in his domain, you're unaffected.

    He is publishing his list of bad addresses on a page as a spamtrap. If you don't harvest email addresses off this page, you're unaffected.

    He's publishing a list of IPs which have sent messages to those spamtrap addresses (at his own domain, using his own mailserver). If your server didn't send mail to a spamtrap address on his server, you're unaffected.

    This has nothing to do with spam return addresses, other than the fact that a lot of his log entries with unknown addresses are due to spammers Joe Jobbing him (just like they did to you). He's just taking that data, and further using it to catch other harvesting/spamming operations.

  2. Re:Really? on Name and Shame Spam Senders With OpenBSD · · Score: 1

    While the idea of choking the spam servers with a 1-byte-per second response sounds cute, it won't work for long (the bot-herders are clever, and will learn to work around it), and causes collateral damage. Their "one byte per second" means sending "one packet per second, with a one byte payload." It still has all the TCP/IP overhead needed for every packet, so they're wasting far more bandwidth than the spam message. In other words, they're making themselves another part of the problem (the problem being wasting the shared bandwidth on the network). So yes, I do agree with checking the "vigilante action" box on the obligatory form response.

    Whoosh. The point of tarpits is to tie up spammers in the tarpit, to keep them from sending mail elsewhere.

    http://www.invisibill.net/2008/01/17/spamd-ftw/

    In the example above, a spammer spent over two hours trying to send a single email. For comparison, bulk emailers brag about being able to send hundreds of emails per minute (one program showed almost 1500 emails sent in 3 minutes). At 500 spams/minute, his spamd just stopped 60,000 spams.

    TCP/IP packets have an overhead of about 40 bytes. What would normally go in a single 1500 byte packet will now take about 60KB. I'm willing to donate 58.5KB per "real packet" worth of data on my home DSL connection (which sits mostly unused while sleeping or at work anyway) to completely stop a spammer for two hours. Even if it uses 3MB to send that one message to me, that's still equal to the total of 60,000 spams of 50KB each. And remember, that's a single source to destination transfer rather than scattered all over the internet in general. This tarpit has the same effect on the general internet bandwidth as my downloading of the latest Windows patch (throttled down to take two hours). All while stopping 60,000 spams to other people and the underlying traffic all over the net.

    I fully agree that this will become a cat and mouse game just like every other solution out there, should this become widespread. Spammers will simply drop connections that are too slow, and anti-spammers will respond with less-obvious slowdowns, and so on. However, spam is currently profitable because it requires little work or resources of the spammer. They just hit a button and it does its thing. If you can force them to sit there and watch the spam-mailer to make sure there isn't a massive slowdown in the middle, then you've just greatly increased the cost of spam, and therefore greatly reduced the profitability, and in turn the incentive to spam. This is not a solution to spam by any means, but it is currently a good way to mess with spammers.

    The original article's shared blacklist is indeed a "vigilante" method though, just like every other shared blacklist out there. If done well, they can be an effective "neighborhood watch" for the internet. If done poorly, lots of harm can come to innocent users. This is completely irrelevant to the general concept of tarpitting though.

  3. Re:How about cable and sat boxes that can power do on New Energy Efficiency Rules For TVs Sold In California · · Score: 1

    DVRs that spin down the HD when they are off and have no planned shows coming up.

    Your DVR doesn't know if your TV is on. How useful is a DVR which doesn't offer rewind, but only records scheduled programs?

    In the case of satellite/DVR boxes like smprather mentioned, the box knows if you're pulling a signal through it (though admittedly it doesn't know if the TV is actually powered on). When you've pushed the "power" button to turn it off and there are no upcoming events, I don't see why it still needs to consume 98% of the power it uses in regular operation.

    Regarding "Your DVR doesn't know if your TV is on." for other DVRs (an area where I have little knowledge), don't you tune the TV signal through the DVR? Obviously it couldn't tell the difference between watching the exact same thing for 6 hours without touching any buttons versus being idle for 6 hours because you're not watching TV. But it should at least be able to tell between actively watching TV (changing channels and such) and not doing anything. Perhaps going into a standby mode like the satellite boxes do after a period of inactivity?

  4. Re:Bad Behavior on Smart Spam Filtering For Forums and Blogs? · · Score: 1

    When I saw this article, I opened it specifically to mention Bad Behavior.

    http://www.bad-behavior.ioerror.us/documentation/how-it-works/

    Instead, Bad Behavior pioneered an HTTP fingerprinting approach. Instead of looking at the spam, we look at the spammer. Bad Behavior analyzes the HTTP headers, IP address, and other metadata regarding the request to determine if it is spammy or malicious. This approach has proved, as one user said, "shockingly effective." After all, spammers write their bots on the cheap, and have little incentive to code very well. If they could code very well, they probably wouldn't be spammers.

    For some numbers, Akismet has blocked 400 spams on my site. BB has blocked 197 attempts this week. I'm not sure how far back Akismet goes, but the point is that BB blocks the vast majority of spammers before they even post their message, then Akismet generally catches the rest.

  5. Re:Install Ubuntu on Configuring a Windows PC For a Senior Citizen? · · Score: 1

    Agreed. I put Ubuntu on an old Dell laptop for my girlfriend last Christmas so she could put music on the iPod she got. She's been working in call centers for years, typing on a (Windows) PC 8 hours a day. I told her that we should be able to make the laptop do whatever she needed, but it might look a little different because it wasn't Windows. Her response: "What's Windows?"

    I'm still on Windows because of some games, so I don't have a ton of experience with Ubuntu. I did a little research and got gtkPod and a few other apps, and I haven't heard of any problems (other than the poor wifi reception from the super cheap router I put in). She does all her online stuff (banking, buying music from Amazon, ordering Papa John's, etc.) and manages her iPod (ripping CDs and putting MP3s on the iPod) just fine.

    For someone with zero experience, Ubuntu is no harder to learn than Windows. It's simply different, and the change from Windows is what's hard to deal with.

  6. My FreeNAS performance on SoHo NAS With Good Network Throughput? · · Score: 1

    I took an old Dell GX280 that we were getting rid of and turned it into a FreeNAS. The OS is installed on a 1GB MicroSD card in a tiny USB adapter and I stuck in a WD6400AAKS (WD 640GB SATA). Using the onboard NIC, I transferred a multiple-GB ISO between it and my PC (Athlon X2 6000+, 4GB, nForce 590, Seagate 500GB 7200.10). I sustained over 300Mb/s on the transfer. Also, my TrendNET switch between the two doesn't support Jumbo Frames, so this is with standard packet sizes. Not bad for two PCs with single SATA drives and onboard NICs, on a ~$120 NAS built in less than an hour (including hardware and software install).

  7. Apple Quietly Recommends Antivirus Software ... on New Massive Botnet Building On Windows Hole · · Score: 1

    Apple Quietly Recommends Antivirus Software For Macs http://it.slashdot.org/article.pl?sid=08/12/02/1314208

  8. Re:False dichotomy there, bub on Physicist Admits Sending Space-Related Military Secrets To China · · Score: 1

    Granted, the future is always in flux but the prospects for a large-scale industrial war the likes of WWII are extremely remote.

    What are you basing that on? WWII didn't happen in a vacuum. The first thing that happened was the economic rug got pulled out from under the globe -- sound familiar?

    http://nuclearrisk.org/soaring_article.php points out how a lot of little, barely-noticed steps can take you to a point that you never imagined could happen. Originally from http://it.slashdot.org/article.pl?sid=08/10/21/1819256...

  9. Re:How about the extensions too? on Mozilla Releases Firefox 3.1 Alpha 2 · · Score: 1

    I said it before, but I'll repeat it here.

    I do use NTT, but I don't like it for addon compatibility. When you use NTT, it edits the version number listed in the addon. It spoofs the author stating that the extension is compatible. Its compatibility setting is simply changed to state that it supports the current version.

    When you use the extensions.checkCompatibility option, it simply overrides the function that automatically disables old extensions. Setting the option adds a warning banner to the top of the Addons window stating that checking is disabled and that some extensions may be incompatible. Old addons are not automatically disabled, but they do show the warning exclamation icon and state that they're not compatible. If you do find an extension that causes major problems, you can manually disable it while still using this setting to allow other old addons to run.

    The about:config option disables the built-in protection and lets you decide for yourself if you want to run unsupported addons. NTT hacks an addon to get around the built-in protection. I very much prefer to know that the addon is working because of a workaround, as I'll tend to look more for an upgrade or replacement, which probably has other fixes or features as well.

    As an addon author who has used both methods (as well as editing the version number back in the old days when about:config contained separate app and addon versions), I really prefer to disable the "save me from myself" protection and just manage my addons myself. Disabling extensions.checkCompatibility doesn't remove any per-extension management, it just gets rid of the version-based auto-disable. Addons still show up as being outdated, but you can choose to keep them enabled (or choose to disable them). With the NTT hack, your old version of the addon shows that it's perfectly compatible with the current version of Firefox. I really don't understand why anyone thinks that's a better solution.

    Note that your Google Toolbar example would behave exactly the same whether enabled via NTT or extensions.checkCompatibility. If the addon is broken, it's broken. It doesn't matter whether you tell Firefox to ignore the version number or edit the addon's version number to whatever Firefox wants to see.

  10. Re:confirmed on mac os x 10.5.4 on Adobe Flash Ads Launching Clipboard Hijack Attacks · · Score: 1

    Closing the tab works for me too. Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1

  11. Re:Credit where credit is due... on IT Repair Installs Webcam Spying Software · · Score: 1

    From TFA:

    Source: Ars Technica

    Perhaps they recently added that, but the article itself does list Ars as the source now.

  12. How to build your own laptop on IT Repair Installs Webcam Spying Software · · Score: 1

    OCZ Barebone Gaming Notebook
    Directron's Notebook Barebone Systems

    Granted, the barebones kit is most of the laptop and you can usually buy a Dell with the same configuration for cheaper, but there are a few options out there for "building" a laptop now.

  13. Re:Gorilla Arm Syndrome on Computer Mouse Heading For Extinction · · Score: 3, Insightful

    This was one of the first complaints from the guy who modded the Wiimote to read sensors on his fingers, a la Minority Report. He said that after using it for a while, your arms just got tired out. As opposed to moving your mouse a few inches to move the cursor across the screen, you're now swinging your Wiimote/arm all around. While the extra activity may be nice in certain situations for limited periods, I don't think I want typing at work to be the equivalent of 8 hours straight of Wii Tennis.

    I can see some of these alternative input devices being very handy for specialized use, but I have to agree with everyone else here that the good ol' keyboard and mouse will be around for a while yet.

  14. Re:How is this measured on Estimating the Time-To-Own of an Unpatched Windows PC · · Score: 1

    This nat router, is this the usual linksys or dlink router, or are you talking about corporate level only?

    Any NAT router. While an expensive business router should be higher quality and less vulnerable to attacks against it, the whole idea of NAT is what protects the PCs behind it. http://www.grc.com/nat/nat.htm explains it pretty well.

  15. Re:How is this measured on Estimating the Time-To-Own of an Unpatched Windows PC · · Score: 1

    I would love to see how long a windows xp pro without spk2 but behind a router takes before being owned....

    Behind a properly configured NAT router, never. NAT inherently blocks all inbound connections to a specific device, therefore a bad guy can't directly connect to the XP box to exploit any vulnerabilities. See http://www.grc.com/nat/nat.htm for more info.

    Obviously, the clueless user could still do something to cause an infection. Once it's compromised that way, the floodgate for malware is opened up and anything goes. However, an outsider can't initially connect directly to the XP box to exploit it.
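
Added example, not part of the original comments: a toy model of the NAT behaviour described in the two comments above, where an unsolicited inbound packet matches no translation entry and is dropped. The `NatRouter` class, its endpoint-dependent filtering, and every address (documentation ranges and a private LAN address) are assumptions for illustration; the last step shows why "properly configured" matters once a static port forward exists.

```python
from dataclasses import dataclass, field

# Constructed sample endpoints (assumptions, not from the thread).
LAN_PC = "192.168.1.10"            # the unpatched PC behind the router
SERVER = ("198.51.100.7", 80)      # a site the PC connects out to
SCANNER = ("203.0.113.66", 4444)   # an unrelated host on the Internet


@dataclass
class NatRouter:
    """Hypothetical NAPT router: state exists only for LAN-initiated flows."""
    public_ip: str
    next_port: int = 40000
    sessions: dict = field(default_factory=dict)   # pub_port -> (lan_endpoint, remote)
    forwards: dict = field(default_factory=dict)   # pub_port -> lan_endpoint

    def outbound(self, lan_ip, lan_port, remote):
        """A LAN host opens a connection; allocate a public port and record it."""
        pub_port = self.next_port
        self.next_port += 1
        self.sessions[pub_port] = ((lan_ip, lan_port), remote)
        return pub_port

    def inbound(self, remote, pub_port):
        """Return the LAN endpoint a packet is delivered to, or None if dropped."""
        if pub_port in self.forwards:              # static port forward wins
            return self.forwards[pub_port]
        entry = self.sessions.get(pub_port)
        if entry and entry[1] == remote:           # reply on an existing flow
            return entry[0]
        return None                                # no mapping: nowhere to send it


def demo():
    nat = NatRouter("192.0.2.1")
    pub_port = nat.outbound(LAN_PC, 51000, SERVER)
    results = {
        # The server's reply matches the session and reaches the PC.
        "reply": nat.inbound(SERVER, pub_port),
        # A probe to an unmapped port (445 here) has no entry at all.
        "unsolicited": nat.inbound(SCANNER, 445),
        # A third party hitting the mapped port is still not the recorded peer.
        "wrong_source": nat.inbound(SCANNER, pub_port),
    }
    # A port forward (manual or requested by software on the LAN) removes the protection.
    nat.forwards[445] = (LAN_PC, 445)
    results["after_forward"] = nat.inbound(SCANNER, 445)
    return results


if __name__ == "__main__":
    for name, delivered_to in demo().items():
        print(f"{name:14} -> {delivered_to}")
```

Real routers differ in how strictly they match the remote endpoint, so auditing the forward table and any automatic port-mapping feature is the practical check.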

  16. Not really on When Is a Self-Signed SSL Certificate Acceptable? · · Score: 2, Insightful

    Don't signed certs also protect against phishing? When you go to your bank website, their cert is signed by a CA. If a phishing website is trying to trick you into giving them your username, they won't be able to have an SSL website that has the CA signed cert, which should be a red flag to a user that something is not right.

    Not really. A phishing site could get its own SSL cert for whatever domain it's using. For example, a bad guy could get a cert for paypa1.com and https://paypa1.com/ would work just fine with a proper secure connection.

    The idea is that Verisign or whatever CA granted the certificate should have checked them out, and only give them a cert if they're "good". However, their idea of "good" is completely up to them. You're trusting that whatever they say is good, is good to you also. But what if my name is Bob Paypa and I want to have an SSL cert for my personal domain, paypa1.com? I would hope Verisign wouldn't allow an obvious phisher to get an SSL cert for paypa1.com, but I also think they shouldn't flat-out reject SSL cert requests just because the domain name resembles another business' name.

    Personally, I've never trusted the CA verification system. I see an SSL cert as something that guarantees my connection to that server is encrypted, nothing else. As others have said, if you trust a server enough to connect to it, then you might as well trust a self-signed cert from that server. Would I give them all my bank account info just because they have a cert? No. Would I do regular website stuff via HTTPS using their self-signed cert? Sure.

  17. DNS Loc on How To Clean Up Incorrect Geolocation Information? · · Score: 1

    http://www.ckdhr.com/dns-loc/howto.html

    You won't be able to fix it yourself, but the ISP should be able to configure their domain to indicate its proper location. A reverse lookup on your IP should then work as intended.

  18. Sometimes on $50 to Get XP On a New Dell · · Score: 3, Informative

    http://download.microsoft.com/download/d/2/3/d23b9533-169d-4996-b198-7b9d3fe15611/downgrade_chart.doc

    Rights to OEM versions of systems software are granted in the OEM License Terms. The OEM License Terms for most OEM versions of systems software do not grant downgrade rights. The exception is the OEM License Terms for the Windows® XP Professional operating system and the Windows Vista™ Business and Windows Vista Ultimate operating systems, which grant downgrade rights. See the full text of the OEM License Terms for the specific downgrade rights.

  19. Re:Nightly Tester Tools on Let Older Add-Ons Work With Firefox 3.0 · · Score: 1

    This addon lets you selectively override addons' compatibility, among other things.

    I do use NTT, but I don't like it for addon compatibility. When you use NTT, it edits the version number listed in the addon. It spoofs the author stating that the extension is compatible. Its compatibility setting is simply changed to state that it supports the current version.

    When you use the extensions.checkCompatibility option, it simply overrides the function that automatically disables old extensions. Setting the option adds a warning banner to the top of the Addons window stating that checking is disabled and that some extensions may be incompatible. Old addons are not automatically disabled, but they do show the warning exclamation icon and state that they're not compatible. If you do find an extension that causes major problems, you can manually disable it while still using this setting to allow other old addons to run.

    The about:config option disables the built-in protection and lets you decide for yourself if you want to run unsupported addons. NTT hacks an addon to get around the built-in protection. I very much prefer to know that the addon is working because of a workaround, as I'll tend to look more for an upgrade or replacement, which probably has other fixes or features as well.

  20. And before that... on Let Older Add-Ons Work With Firefox 3.0 · · Score: 1

    And before adding the "version check" bool, they stored version numbers in the preferences. There were separate values for application version and extension version, allowing you to specify the previous version to extensions so that they could work without having to wait for the author to update the addon.

  21. Re:SpamAssassin on Spam Filtering For Small/Medium Business? · · Score: 1

    I used SpamAssassin/procmail/IMAP on an e-smith/SME Server running on an old P200 machine in a company of about 20 people from 2000-2003. Procmail passed a copy of the message to SA. Depending on SA's verdict, the email either went into the Inbox or a Spam subfolder. I also set up learning subfolders and used a cron job to pass those emails to sa-learn.

    No messages got altered (procmail passed a copy of the message, not the actual message) and all were just a click away, so false positives were a very minor issue. sa-learn did a good job of getting messages scored correctly. Using SA's RBL tests allows you to get the benefits of marking spam from known sources without flat-out rejecting those messages (which does cancel out the benefit of an RBL completely blocking spam traffic).

    The biggest issue I've heard of with SpamAssassin is the processing power it requires. spamd/spamc helps that (compared to running the full spamassassin for each message) and even allows you to have multiple client machines connecting to one SA server. We didn't get nearly as much email as you do, but we never had any issues with that old PC we used, so I would think you'd be fine with any modern server running it.

  22. $750,000 in one day on Reznor Follows Radiohead, Offers Free Album · · Score: 1

    As of this morning, all 2,500 of the uber-deluxe $300 packages are sold out. That's obviously not all profit, but it's still pretty amazing.

  23. Re: NIN metal on Reznor Follows Radiohead, Offers Free Album · · Score: 1

    FYI, Trent won the '93 Grammy for Best Metal Performance with "Wish" (Live / Video). The lights at the chorus are still one of my favorite parts of a NIN show. Closure Disc 2 has both the videos if you want to see them in high quality, and the Broken Movie is related too.

  24. Re: Floppy requirement on Dealing With a GPL Violation? · · Score: 1

    Not trying to be a smart-arse, but BIOS updates and SATA drivers still have to be installed with a floppy.

    No they don't. I've installed Windows XP (i386 and amd64) and updated the BIOS on my AN9 32X/Barracuda 7200.10 without even having a floppy drive in the system. Award has had a WinFlash program for years, and even Dell has Windows executables for BIOS updates now (which reboot into a DOS-like mode to do the actual update). Drivers for mass storage devices can be slipstreamed right into your install CD. RAID Slipstreamer is probably the easiest method, if your device is supported.

  25. Re:Instant messaging eh? on Mozilla Opens Thunderbird Email Subsidiary · · Score: 1

    My IM client of choice on Windows is Miranda. I quit using Trillian Pro in favor of Miranda.