greylisting -- was Re: [anti-spam-wg] Anti-spam WG draft agenda RIPE 51


Are you sure you understand greylisting well? Even if spammers are
able to retry the SMTP connection, there is a bigger chance for their
IP address or a website domain being blaclisted (SURBL...) and/or the
message fuzzy signature being added to a database like Vipul's
Razor/Cloudmark.


Compare the transcript with the facts:


>      A4   Minutes
>           http://www.ripe.net/ripe/wg/anti-spam/r50-minutes.html

" C. Technical Measures

Rodney:
Anyone know of different (new) tricks regarding filtering?

Brian:
Greylisting: when a message comes in the receiving server at first
rejects it but not permanently. A genuine sending server will retry
and its second attempt will normally be accepted. There are some
issues with the resulting delays to messages.

Rodney:
Personally I feel that the bot writers will have found a way around
this very soon."


http://www.greylisting.org/

"But.. spammers adapt!?

Yes they do. But that does not really make greylisting useless. This
delay in new sender contacts also gives you a lot of extra power. This
may be an hour, in in this hour there is a large chance that the mass
mailer / spammer has been identified by the more conventional anti
spam software. Thus when he retries it is likely that we will know him
for what he really is! "


I have tested greylisting efficiency and I have been very satisfied.
The only spam which come through was the spam sent by spambots via
webmail interface (iPlanet Messaging Server mshttpd and Hotmail.com
are very popular among the spammers)


There are more options available for greylisting like increasing the
greylisting period for the senders listed in DNSBL's.


Slowing the spam influx makes sense esecially at the ISP/carrier
level. You can use greylisting for free or you can buy a different
solution which works by a TCP traffic shaping:

http://www.turntide.com/router/how.asp