The method and system of identifying and stopping illegitimate communication attempts on the internet includes collecting statistics of a sending IP address from a plurality of subscribers and storing said statistics in a central database. A risk assessment factor is calculated from the statistics to determine the risk that the sending IP address is controlled by an abusive message sender. Afterwards, the risk assessment factor is distributed to the plurality of subscribers so that each of the subscribers may determine whether to accept a connection request from a particular sending IP address according to its own locally set policy.