Ted Mittelstaedt wrote:
-----Original Message-----
From: Bart Silverstrim [mailto:[EMAIL PROTECTED]
Sent: Saturday, April 28, 2007 5:05 PM
To: Ted Mittelstaedt
Cc: Christopher Hilton; User Questions
Subject: Re: Greylisting -- Was: Anti Spam
Both of those are assumptions your making that are just not true
anymore.
Spammers are adapting to greylisting. I've been running it for at
least 2 years now and every month more and more spam is making it
past the greylist and getting caught by spamassassin. As I mentioned
previously, it does not take a lot of programming effort to do it.
Sure they're adapting. They're also adapting to Spamassassin.
That's a bit different. It is trivial to adapt to greylisting. It is
not trivial to adapt to spamassassin, particularly if they have the
learner turned on.
Yes, it takes more. I would also say that when it's a game of them
blasting out as much as possible to hammer 1 or 2 through for every 1000
that doesn't, greylisting isn't something they all think about,
especially if greylisting is contributing to a backup in their sending
queue (or it is bouncing mail to nonexistent mail servers to retry
later, and since they don't exist or didn't send it in the first place,
the message *won't come back*).
My point is/was that no matter what you're trying, until there's solid
authentication of senders in place any statistical or gee-whiz method of
combating SPAM will be met by adaptation, so dismissing a method just
because it's "simple" to bypass doesn't mean it isn't going to stop a
few more of the messages.
The
fact that it doesn't take a lot of programming effort isn't the
reason,
Yes, it is actually. Because for the simple reason that the small
amount of programming effort required makes it possible to countermand
greylisting AT ALL.
And also make the spammer advertise who is sending the mail and thus
allow it to be tracked.
It isn't possible, I think, for a spammer to programmically get through
a SA setup with the learner turned on, that has a dictionary that
has been built up through both ham and spam submissions. The main
reason spammers do get past that has more to do with the difficult of
getting normal users to properly feed the learner. But the problem from
the spammers point of view is that in the Internet, 10 different SA sites
could have 10 different rules. But 10 different greylist sites will all
act the same, so if your going to put effort into countering the filters,
you would be smarter to counter greylisting first.
It's still one more hurdle. Tarpitting, greylisting, SPF, reversing MX
records...all simple things to get around, yet add one more layer of
headache for the spammer. Why make it easier for them?
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
