To know about 'what is a mail bomber', please refer to this published paper that explains it quite well:
http://www.silkroad.com/papers/pdf/i...mail-bombs.pdf
We post their IP because what they do is illegal and folks should be aware of the identity of these cyber-criminals.
We knew of the attack because of high server loads, viewing log files and confirming the identity of the mail bomber with
lsof -i -n
Perderabo, I am sure of the IP address. TCP is a connection oriented protocol and has two end-points. This can be easily confirmed. You are mistaken when you say that the IP address of hackers (or their proxies) cannot be confirmed when connection-oriented protocols are used. You are correct that it is very difficult to identify them with connectionless protocols are used. SMTP is a TCP protocol.
As far as a comment on counter-actions. Let's see..... a nation-state like Korea or another country does criminal action against another nation-states assets. The identity is confirmed. Counter-actions are appropriate, but in this case I have already checked. The attacker was operating behind a firewall with all incoming services and ports blocks. You can scan the IP address yourself and see. This is not a rookie.... rookies make mistakes
We simply list the IP addresses of confirmed attackers because it is the right thing to do.