|<<< Chronological >>>||Author Index Subject Index||<<< Threads >>>|
Re: [anti-spam-wg] greylisting (was: RIPE 51 anti-spam WG minutes)
- To: RIPE anti-spam WG <>
- From: Bruce Campbell <>
- Date: Tue, 13 Dec 2005 10:15:49 +0100 (CET)
On Mon, 12 Dec 2005, Markus Stumpf wrote:
When talking about Greylisting, most people critical of the tempory-reject-please-retry behaviour tend to ignore or forget that this behaviour is only on the first delivery attempt of the mail. On later attempts, the receiving machine already has the matching tuple within its database, and allows the mail through. (sendingdomain+sendingIP+receivingaddress)On Wed, Dec 07, 2005 at 04:16:44PM +0000, Rodney Tillotson wrote:Peter Koch: Greylisting is pushing the problem towards the infrastructure. If I have a high-volume mail server, lots of mail does not get delivered on time and puts burden on the sender side.IMHO infrastructure is the wrong word here. Sender is the better term. And isn't antispam all about making every mail harder and more cost intensive for the sender (and thus even more for the spammer)?
Mail from lists, or if you'd like, regularly occuring events on the mail infrastructure are only a burden for the initial attempt. Attempts beyond that are, by and large, allowed straight through.
The only remaining burden on the mail infrastructure are the 'once-off' mails between two entities that have not previously communicated. Now, its entirely possible that my experience with email is not normal, but most people have a regular set of entities that they send/receive email to/from. The 'real' 'once-off' mails tend to be on the low side, vs the great number of try-once 'once-off' mails from other sources, eg:
For viruses and worms greylisting works exceptionally great. The virusscanners for all customers with greylisting very rarely see any of the current huge W32/Sober-Z wave or any other viruses.
Yes, like most anti-spam technologies, the widespread adoption of Greylisting will result in the spammers changing their tactics to make Greylisting a technology with little effect. Until then, my inbox gets much less spam (wish I'd thought of putting it on the NCC mail servers, as it would have seriously cut down on the amount of crud received there).But I do see a problem if greylisting gets wide adoption. Spamware will not keep track of 2xx, 4xx or 5xx codes as it does now. Spamware will "respam" each and every message again after - hmmm - 1 hour. This will break the greylisters and will become really annoying to non-greylist mailservers.
However, one of the aims of Greylisting is that it delays the initial acceptance of the email for long enough that other techniques, such as RBLs or distributed checksums, have enough time to get a positive match on this particular spam source. In the end, all that matters to the end user is that the spam did not get to their inbox.
- Re: [anti-spam-wg] greylisting
- From: Florian Weimer
- [anti-spam-wg] RIPE 51 anti-spam WG minutes
- From: Rodney Tillotson
- Re: [anti-spam-wg] greylisting (was: RIPE 51 anti-spam WG minutes)
- From: Markus Stumpf
|<<< Chronological >>>||Author Subject||<<< Threads >>>|