On 1/27/06, Bill Borton <[EMAIL PROTECTED]> wrote: > One of my mail servers that was getting 15,000 - 20,000 inbound > infected messages a month was also getting pounded by spam. > I an attempt to mitigate the spam I implemented "Greylisting". > It's working very well for that site. I don't have hard numbers > available at the moment, but I guesstimate that it took spam > down by about %90.
Greylisting works OK at the moment as spammers have no need to go around it. But, you can be sure that once greylisting reaches critical level of deployment, spammers will go around it very easy (basically they just have to modify their applications). One other problem of greylisting is that it will inevitably delay some of your legitimate e-mail. If you can live with that, it's fine, but some environments can't afford it. The problem today is that users think that e-mail is "instant", while it's actually a store and forward mechanism that does best effort and doesn't guarantee anything. I had multiple cases of users on our campus complaining about how slow e-mail is (when it took 5 minutes to deliver something because the gateway was flooded). Imagine delay of 4 hours ... I talked briefly about this on last AusCERT, search the CISSP forum archives for the presentation if you want to download it. Cheers, Bojan
