Author: M.Zraik (26 Jun 08 2:12pm)
I know this is an old post but I will say what I have done. IMHO - I block by IP if I know it, and then by domain name (Mail Server). A close scrutiny of your access and error logs will help you to determine the good from the bad.
Use this site to help find your ips and use senderbase.com to find your mail servers. You may find that several IP's are all related to the same server group or company. You might try to fire off an email to their abuse address if they have and monitor one, but mostly you are on your own to protect your resources.
Use your .htaccess file to not only block, but redirect as needed. One of my former sites had multiple entries in search engines that were pure junk entries with links to non-existent pages that all had the same pattern. A search engine comment spam job for sure. So I entered a regex that matched the pattern and redirected them all to the home page of the site. I turned their crap into a win for the site.
Lately, I have had to battle a Comment Spammers software that tries to use one of our scripts every ten minutes to send out crap. All they get is a 410 error, or they trigger the hijack filter in my script, which alerts me to their activity, IP address, and a harmless sample of the attempted injection of crap. Happy 410ing, M.Zraik