[anti-spam-wg] About DNSBLs vs greylisting - Was: Steve Linford and Spamhaus Internet Terrorists

  • From: Emanuele Balla balla@localhost
  • Date: Sun, 20 Aug 2006 19:25:30 +0200

Michele Neylon :: Blacknight.ie wrote:

> That depends on the mail servers... Quite a few big companies seem to be
> running servers that don't understand the 4** messages, so you have to
> whitelist them

Or people configuring their mailservers to try delivery just once, or
mailing-list services that do not usually keep queues for performance
reasons.

Or large networks with several exit points for email, configured to
mutually fall back in case of deliverability problems. Mails tend to move
from one exit point to another even for days, since each exit point is
considered as "unseen" by the receiving greylisting system.

Seen it.



Moreover, an increasing amount of junk passes through greylisting, as
spammers know about its behaviour, and know that running the same run
through the same bot/proxies 30 minutes later is enough to bypass it.

At this time, greylisting is useful exactly for delaying the delivery:
in the meantime, there's the chance for the spam source to be caught
by heuristic/retroactive DNSBLs like CBL/XBL/DSBL/etc before it starts
its second run.

Using greylisting alone will soon be almost useless.
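
Added illustration, not part of the original message: a minimal greylisting model in Python showing the two effects described in the message above. A legitimate sender rotating across several exit points is treated as unseen at each one, and a retry is refused because the source was listed in a DNSBL during the greylisting delay. The 300-second delay, the 15-minute retry interval, the addresses, and the in-memory `dnsbl` set standing in for a real DNSBL query are all assumptions.

```python
import ipaddress


class Greylist:
    """Greylisting keyed on the (client IP, sender, recipient) triplet."""

    def __init__(self, delay=300, dnsbl=None):
        self.delay = delay            # seconds a new triplet must wait (assumed value)
        self.dnsbl = dnsbl if dnsbl is not None else set()  # stand-in for a DNSBL query
        self.first_seen = {}          # triplet -> time of first delivery attempt

    def check(self, ip, sender, rcpt, now):
        """Return an SMTP-style reply for one delivery attempt at time `now`."""
        ip = str(ipaddress.ip_address(ip))       # normalise and validate the address
        if ip in self.dnsbl:                     # blocklist is consulted on every attempt
            return "554 listed"
        key = (ip, sender.lower(), rcpt.lower())
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:             # new or too-recent triplet: defer
            return "451 try later"
        return "250 ok"


def attempts_until_accepted(gl, exit_ips, sender, rcpt,
                            retry_interval=900, max_attempts=12):
    """Sender moves to the next exit point on each retry.

    Returns the number of attempts needed for acceptance, or None.
    """
    for n in range(max_attempts):
        ip = exit_ips[n % len(exit_ips)]
        reply = gl.check(ip, sender, rcpt, now=n * retry_interval)
        if reply.startswith("250"):
            return n + 1
    return None


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    one = ["192.0.2.10"]
    four = ["192.0.2.10", "198.51.100.20", "203.0.113.30", "192.0.2.200"]
    print(attempts_until_accepted(Greylist(), one, "a@example.org", "b@example.net"))
    print(attempts_until_accepted(Greylist(), four, "a@example.org", "b@example.net"))

    gl = Greylist()
    print(gl.check("203.0.113.7", "x@example.com", "b@example.net", now=0))
    gl.dnsbl.add("203.0.113.7")   # source gets listed while its triplet is deferred
    print(gl.check("203.0.113.7", "x@example.com", "b@example.net", now=1800))
```

With a single exit point the mail is accepted on the second attempt; with four rotating exit points it takes five attempts, because every exit point starts its own delay.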