> -----Original Message-----
> From: Christopher Sean Hilton [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 26, 2007 9:05 AM
> To: Ted Mittelstaedt; User Questions
> Subject: Re: Greylisting -- Was: Anti Spam
> Ted Mittelstaedt wrote:
> [snip...]
> >> Greylisting works because many, and I'd like to say most, spam programs
> >> never retry message delivery.
> >
> > Actually, no.  Greylisting works because it delays the spam injector
> > long enough that the injector will get blacklisted by the time that the
> > greylist opens the door for the mail to come in.  Greylisting alone
> > by itself is getting less and less effective every day.
> Spammers are now
> > starting to setup spam injectors to retry.  If you think about it, it is
> > very easy to program.  Simply create a list of victims, iterate through
> > the list once, deleting all the victims that accept, then wait several
> > hours and iterate through the list again.  It didn't take a
> rocket scientist
> > to figure that one out.
> >
> > Since SA has a lot of the major blacklist servers as score-feeders, the
> > spam that gets past the greylist just gets tagged by SA.
> >
> When I scan my maillogs I find that 22% of the hosts that generate a
> greylisting entry retry the mail delivery and thus get whitelisted. The
> other 78% don't attempt redelivery within the greylisting window.

That's probably par.

However, the reason your putting so much faith in the delaying, is simply
that you aren't getting a lot of spam.

I have published e-mail addresses.  Without greylisting I got about
1500-2000 mail messages a day to each of them.

With greylisting alone that drops down to about 400-500.

The thing is, that spam is a numbers game.  Someone who is only getting
for example 50-100 spams a day to their mailbox is going to think
greylisting is virtually 100% effective, simply because when they
institute it, their spam goes from 50-100 down to 1-5 spams.  So they
are going to probably conclude that someone getting ten times the
amount of spam as them will have their spam drop down to the same 1-5
after greylisting.  But, spammers are perfectly willing to send 1000
spams to a single mailbox if they think that doing so will get 1 spam
past the filters on that box.

I do have customers with -unpublished- e-mail addresses that are
perfectly satisfied with greylisting alone - simply because they
don't get a lot of spam in the first place.  But, that's like saying
that injecting a can of stop-leak into a leaking tire is a fix for it.
Stop-leak will reduce the rate that air leaks out down to an undetectable
amount if the initial leak was small, but the tire still is leaking.


freebsd-questions@freebsd.org mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to