Re: [anti-spam-wg] greylisting (was: RIPE 51 anti-spam WG minutes)
To: RIPE anti-spam WG <>
From: Bruce Campbell <>
Date: Tue, 13 Dec 2005 10:15:49 +0100 (CET)
On Mon, 12 Dec 2005, Markus Stumpf wrote:
When talking about Greylisting, most people critical of the
tempory-reject-please-retry behaviour tend to ignore or forget that this
behaviour is only on the first delivery attempt of the mail. On later
attempts, the receiving machine already has the matching tuple within its
database, and allows the mail through.
On Wed, Dec 07, 2005 at 04:16:44PM +0000, Rodney Tillotson wrote:
Peter Koch: Greylisting is pushing the problem towards the
infrastructure. If I have a high-volume mail server, lots of mail
does not get delivered on time and puts burden on the sender side.
IMHO infrastructure is the wrong word here. Sender is the better term.
And isn't antispam all about making every mail harder and more cost intensive
for the sender (and thus even more for the spammer)?
Mail from lists, or if you'd like, regularly occuring events on the mail
infrastructure are only a burden for the initial attempt. Attempts beyond
that are, by and large, allowed straight through.
The only remaining burden on the mail infrastructure are the 'once-off'
mails between two entities that have not previously communicated. Now,
its entirely possible that my experience with email is not normal, but
most people have a regular set of entities that they send/receive email
to/from. The 'real' 'once-off' mails tend to be on the low side, vs the
great number of try-once 'once-off' mails from other sources, eg:
For viruses and worms greylisting works exceptionally great. The
virusscanners for all customers with greylisting very rarely see any
of the current huge W32/Sober-Z wave or any other viruses.
Yes, like most anti-spam technologies, the widespread adoption of
Greylisting will result in the spammers changing their tactics to make
Greylisting a technology with little effect. Until then, my inbox gets
much less spam (wish I'd thought of putting it on the NCC mail servers, as
it would have seriously cut down on the amount of crud received there).
But I do see a problem if greylisting gets wide adoption. Spamware will
not keep track of 2xx, 4xx or 5xx codes as it does now. Spamware will
"respam" each and every message again after - hmmm - 1 hour. This will
break the greylisters and will become really annoying to non-greylist
However, one of the aims of Greylisting is that it delays the initial
acceptance of the email for long enough that other techniques, such as
RBLs or distributed checksums, have enough time to get a positive match on
this particular spam source. In the end, all that matters to the end user
is that the spam did not get to their inbox.