Re: Spam passing greylisting.

On Jun 5, 2005, at 11:08 AM, Dave Lists wrote:

> Hi all,
> Everytime I mention greylisting I fear I'll start another
> arguement, so if you are against greylisting in concept or practice
> please ignore this thread.
> For those of you using it, are you finding more and more
> spammers are passing through greylisting? ...

Yes.

Although the majority of spamming bots still do not yet persistently
re-try.
Greylisting is still quite effective against those.

But don't forget the other -- more subtle -- use of greylisting:
the time interval it provides, during which the system sending can be
blacklisted.
The tricky part is ensuring that the greylist interval you use is long
enough to allow for blacklisting, but short enough not to unnecessarily
delay bona fide messages.

Depending upon which RBLs you use, those might not blacklist
wherever is spamming you fast enough. If they don't, you can also
do your own dynamic blacklisting. Cami suggested one way to do that.

Another technique is to have a few honeypot-type dummy recipient
addresses. Disable greylisting to those addresses so that they
receive the
spam immediately, and blacklist IPs from whence those messages come.