> -----Original Message----- > From: Christopher Sean Hilton [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 26, 2007 9:05 AM > To: Ted Mittelstaedt; User Questions > Subject: Re: Greylisting -- Was: Anti Spam > > > Ted Mittelstaedt wrote: > > [snip...] > > >> Greylisting works because many, and I'd like to say most, spam programs > >> never retry message delivery. > > > > Actually, no. Greylisting works because it delays the spam injector > > long enough that the injector will get blacklisted by the time that the > > greylist opens the door for the mail to come in. Greylisting alone > > by itself is getting less and less effective every day. > Spammers are now > > starting to setup spam injectors to retry. If you think about it, it is > > very easy to program. Simply create a list of victims, iterate through > > the list once, deleting all the victims that accept, then wait several > > hours and iterate through the list again. It didn't take a > rocket scientist > > to figure that one out. > > > > Since SA has a lot of the major blacklist servers as score-feeders, the > > spam that gets past the greylist just gets tagged by SA. > > > > When I scan my maillogs I find that 22% of the hosts that generate a > greylisting entry retry the mail delivery and thus get whitelisted. The > other 78% don't attempt redelivery within the greylisting window.
That's probably par. However, the reason your putting so much faith in the delaying, is simply that you aren't getting a lot of spam. I have published e-mail addresses. Without greylisting I got about 1500-2000 mail messages a day to each of them. With greylisting alone that drops down to about 400-500. The thing is, that spam is a numbers game. Someone who is only getting for example 50-100 spams a day to their mailbox is going to think greylisting is virtually 100% effective, simply because when they institute it, their spam goes from 50-100 down to 1-5 spams. So they are going to probably conclude that someone getting ten times the amount of spam as them will have their spam drop down to the same 1-5 after greylisting. But, spammers are perfectly willing to send 1000 spams to a single mailbox if they think that doing so will get 1 spam past the filters on that box. I do have customers with -unpublished- e-mail addresses that are perfectly satisfied with greylisting alone - simply because they don't get a lot of spam in the first place. But, that's like saying that injecting a can of stop-leak into a leaking tire is a fix for it. Stop-leak will reduce the rate that air leaks out down to an undetectable amount if the initial leak was small, but the tire still is leaking. Ted _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"