Email spam is a significant problem for ISPs and Internet users. While part of the solution is legislative, there remains many avenues for innovative technological spam mitigation techniques. We propose a novel TCP-layer algorithm that statistically accepts or rejects in-bound TCP connection requests based on the recent past history of spam injection from particular source IP addresses. Our scheme allows for the automatic rehabilitation of legitimate senders and cuts the operating cost of manually updated blacklists and whitelists. It also reduces the consequences of falsely categorising emails and reduces the last-hop network resource consumption caused by spammers. Our scheme sits transparently in front of the existing SMTP server, so it will supplement (rather than replace) existing spam-filters operating inside existing SMTP servers or at the end-user’s mail client.