While we are on the topic of blacklists, can anyone point me to a blacklist of hosts performing ssh brute force attacks? I have been wondering if it would be effective to use such a list for email since those compromised hosts do seem to be used primarily for spamming. (Just having spent most of the night monitoring a Romanian spammer controlling his botnet.)
The SORBS web.dnsbl.sorbs.net zone lists similar and a whole load of other compromised hosts - it is also the only SORBS zone with automated listing timeouts.
Regards, Mat