Quick example, though: of 6936 patterns currently in my list, if you
just run a cut on \\ (which catches either '.' or '-' as the
next char,
for the most part) you get (matches of 20 or more):count first left-hand pattern part
----- ----------------------------
1572 ^[0-9]+
206 ^.+
200 ^host[0-9]+
179 ^host
Exceedingly long list cut....
Just to throw in my own 2 cents: I find it really ironic that we rely on
reverse DNS data that potentially comes from a spammer in order to determine
whether or not someone is a spammer. It probably works for the zombies.
But in the long run, ip based filtering is quicker, since there's no DNS
check and you have a better idea of the size of the netblock you're
filtering.
I'll be a lot happier once the smtp-submission port (587) catches on. It
will make filtering a lot simpler.