[Greylist-users] Side benefit
corey at corlogic.com
Thu Aug 21 15:29:07 PDT 2003
The virus going around does in fact spread by finding new emails in the
user's address book. It then forges email based on those emails, using
one of the found addresses in the FROM as well as the TO.
Example: Virus A infects computer owned by B, who has addresses C and D
in the mailing list. B,C, and D are all close friends and email each
other frequently. The virus then composes an email "from" C to D, but
obviously using B's IP address. Assuming D is a greylister, the filter
will only be fooled if C commonly sends D email, AND B and C use the same
SMTP gateway. My guess is that this sort of arrangement happens often
enough for you to see a spike in usage.
> On Wed, Aug 20, 2003 at 10:11:37PM -0700, Scott Nelson wrote:
>> A much more tangible benefit of greylisting IMO is that viruses
>> like SoBig don't retry. I've heard there was an outbreak recently,
>> but I haven't seen any. :)
> My spamassassin load jumped a lot earlier this week, and I was assuming
> it was the viruses. Since I think they use addresses in the address
> book, it's possible they were already in the database as OK, though
> I would have thought the same would be true for you...
> Alan Batie ______ alan.batie.org Me
> alan at batie.org \ / www.qrd.org The Triangle
> PGPFP DE 3C 29 17 C0 49 7A \ / www.pgpi.com The Weird Numbers
> 27 40 A5 3C 37 4A DA 52 B9 \/ spamassassin.taint.org NO SPAM!
> To announce that there must be no criticism of the President, or that we
> are to stand by the President, right or wrong, is not only unpatriotic
> and servile, but is morally treasonable to the American public.
> -Theodore Roosevelt, 26th US President (1858-1919)
> Greylist-users mailing list
> Greylist-users at lists.puremagic.com
More information about the Greylist-users