Will Aoki made the following keystrokes: >On Sun, Jan 29, 2006 at 12:15:13PM +1300, Bojan Zdrnja wrote: >> Greylisting works OK at the moment as spammers have no need to go >> around it. But, you can be sure that once greylisting reaches critical >> level of deployment, spammers will go around it very easy (basically >> they just have to modify their applications). > >Indeed, I believe that some spammers, accidentally or deliberately, have >already done just that. Last summer, I saw pill-spammers sending >multiple messages from the same source, with the same envelope, and to >the same recipient over about a seven-minute period. This cut through my >greylisting quite effectively until I increased the greylist delay. > >I haven't noticed any viruses yet that are effective at bypassing >greylisting - I've only seen a few make it as far as my antivirus in the >last few weeks. To get around greylisting, they'd need to dedicate space >to keeping track of what sender they used for each recipient. > >If and when spammers and virus authors do start changing their methods, >I predict the use of greylisting to buy time for spam- & virus-traps to >feed a good old-fashioned blacklist. > >-- >William Aoki KD7YAF [EMAIL PROTECTED] 5-1924 >
I've been wondering about this a little as well. What if greylisting was given another parameter for "hits". Instead of it being just a one shot at being "seen before" you include a count. Now instead of accepting the 2nd and further hits, you force it to the 3rd hit or more. There would still be the time check for initial retries. --Gene
